CVE-2017-11624Infinite Loop in Project Qpdf

CWE-835Infinite LoopCWE-400Uncontrolled Resource Consumption11 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 75.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Qpdf Project Qpdf
Timeline
PublishedJul 25
Latest updateMay 13

Description

A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Debianqpdf_project/qpdf< 7.0.0-1+3

🔴Vulnerability Details

3
GHSA
GHSA-xvf6-564j-w8gx: A stack-consumption vulnerability was found in libqpdf in QPDF 62022-05-13
OSV
CVE-2017-11624: A stack-consumption vulnerability was found in libqpdf in QPDF 62017-07-25
CVEList
CVE-2017-11624: A stack-consumption vulnerability was found in libqpdf in QPDF 62017-07-25

📋Vendor Advisories

3
Ubuntu
QPDF vulnerabilities2018-05-07
Red Hat
qpdf: Infinite loop in QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc2017-07-25
Debian
CVE-2017-11624: qpdf - A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allo...2017

💬Community

4
Bugzilla
CVE-2017-11624 qpdf: Infinite loop in QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc2017-07-26
Bugzilla
CVE-2017-11624 qpdf: Infinite loop in QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc [epel-6]2017-07-26
Bugzilla
CVE-2017-11624 qpdf: Infinite loop in QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc [fedora-all]2017-07-26
Bugzilla
CVE-2017-9208 CVE-2017-9209 CVE-2017-9210 qpdf: various flaws [fedora-all]2017-05-23
CVE-2017-11624 — Infinite Loop in Qpdf Project Qpdf | cvebase