Summary: | <app-text/qpdf-7.0.0: recursive tokenizer allows denial of service | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Aleksandr Wagner (Kivak) <alwag> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | printing |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 626446 | ||
Bug Blocks: |
Description
Aleksandr Wagner (Kivak)
2017-08-27 21:59:46 UTC
I just tested versions 5.1.1-r1 and 5.1.3-r1, they both return segmentation faults.

This bug has been fixed in the new 7.0.0 release:

2017-08-25 Jay Berkenbilt <ejb@ql.org>

* Re-implement parser iteratively to avoid stack overflow on very deeply nested arrays and dictionaries. Fixes #146.

@ Maintainer(s): Please advise how you would like to proceed.

GLSA Vote: No

cleanup will be tracked in bug #647776
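The changelog entry quoted above replaces recursion with iteration. The sketch below is an added illustration, not qpdf's code and not part of this bug report. It walks array and dictionary delimiters with a heap-allocated stack and a depth limit, so deep nesting is rejected instead of exhausting the call stack. The names `scan_nesting`, `nested_arrays` and `max_depth` are hypothetical, and the scanner handles only a simplified subset of PDF syntax (no string literals or comments).

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Result of scanning a simplified PDF object for container nesting.
struct NestingResult {
    bool ok;              // balanced containers, never deeper than the limit
    std::size_t deepest;  // maximum nesting depth observed
};

// Walks arrays "[ ]" and dictionaries "<< >>" with an explicit stack of open
// delimiters kept on the heap. max_depth is a hypothetical policy limit, not
// a qpdf setting.
NestingResult scan_nesting(const std::string& in, std::size_t max_depth) {
    std::vector<char> open;  // '[' for an array, '<' for a dictionary
    NestingResult r{true, 0};
    for (std::size_t i = 0; i < in.size(); ++i) {
        char c = in[i];
        bool pair = i + 1 < in.size() && in[i + 1] == c;
        if (c == '[' || (c == '<' && pair)) {
            if (open.size() >= max_depth) { r.ok = false; return r; }  // refuse, do not crash
            open.push_back(c);
            if (open.size() > r.deepest) r.deepest = open.size();
            if (c == '<') ++i;  // consume the second '<'
        } else if (c == ']' || (c == '>' && pair)) {
            char want = (c == ']') ? '[' : '<';
            if (open.empty() || open.back() != want) { r.ok = false; return r; }
            open.pop_back();
            if (c == '>') ++i;  // consume the second '>'
        }
        // Anything else is treated as scalar content and skipped.
    }
    r.ok = open.empty();
    return r;
}

// Constructed input: n arrays nested inside each other.
std::string nested_arrays(std::size_t n) {
    return std::string(n, '[') + std::string(n, ']');
}

int main() {
    NestingResult r = scan_nesting(nested_arrays(1000000), 500);
    std::cout << (r.ok ? "accepted" : "rejected") << " at depth " << r.deepest << "\n";
}
```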