CVE-2015-9252 — Uncontrolled Resource Consumption in Project Qpdf

CWE-399 CWE-400 — Uncontrolled Resource Consumption8 documents8 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 45.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qpdf Project Qpdf

Timeline

PublishedFeb 13

Latest updateMay 14

Description

An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDqpdf_project/qpdf< 7.0.0

▶Debianqpdf_project/qpdf< 7.0.0-1+3

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-8xcr-vf9j-wxvr: An issue was discovered in QPDF before 7↗2022-05-14

▶

CVEList

CVE-2015-9252: An issue was discovered in QPDF before 7↗2018-02-13

▶

OSV

CVE-2015-9252: An issue was discovered in QPDF before 7↗2018-02-13

▶

📋Vendor Advisories

Ubuntu

QPDF vulnerabilities↗2018-05-07

▶

Red Hat

qpdf: Infinite loop in QPDFTokenizer::resolveLiteral in QPDFTokenizer.cc↗2015-09-02

▶

Debian

CVE-2015-9252: qpdf - An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exh...↗2015

▶

💬Community

Bugzilla

CVE-2015-9252 qpdf: Infinite loop in QPDFTokenizer::resolveLiteral in QPDFTokenizer.cc↗2018-02-14

▶