CVE-2021-36978: QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails.
Package list is empty or all packages have requested keywords.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=2b03edb1da4080468b7bb7a363ee71c9314bdf84 commit 2b03edb1da4080468b7bb7a363ee71c9314bdf84 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-01-15 13:05:16 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-01-15 13:05:41 +0000 [ GLSA 202401-20 ] QPDF: Buffer Overflow Bug: https://bugs.gentoo.org/803110 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202401-20.xml | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+)