CVE-2017-11625Infinite Loop in Project Qpdf

CWE-835Infinite LoopCWE-400Uncontrolled Resource Consumption11 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
0.3%
top 47.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Qpdf Project Qpdf
Timeline
PublishedJul 25
Latest updateMay 13

Description

A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Debianqpdf_project/qpdf< 7.0.0-1+3

🔴Vulnerability Details

3
GHSA
GHSA-788g-jgwh-pc92: A stack-consumption vulnerability was found in libqpdf in QPDF 62022-05-13
CVEList
CVE-2017-11625: A stack-consumption vulnerability was found in libqpdf in QPDF 62017-07-25
OSV
CVE-2017-11625: A stack-consumption vulnerability was found in libqpdf in QPDF 62017-07-25

📋Vendor Advisories

3
Ubuntu
QPDF vulnerabilities2018-05-07
Red Hat
qpdf: Infinite loop in QPDF::resolveObjectsInStream function in QPDF.cc2017-07-25
Debian
CVE-2017-11625: qpdf - A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allo...2017

💬Community

4
Bugzilla
CVE-2017-11625 qpdf: Infinite loop in QPDF::resolveObjectsInStream function in QPDF.cc2017-07-26
Bugzilla
CVE-2017-11625 qpdf: Infinite loop in QPDF::resolveObjectsInStream function in QPDF.cc [fedora-all]2017-07-26
Bugzilla
CVE-2017-11625 qpdf: Infinite loop in QPDF::resolveObjectsInStream function in QPDF.cc [epel-6]2017-07-26
Bugzilla
CVE-2017-9208 CVE-2017-9209 CVE-2017-9210 qpdf: various flaws [fedora-all]2017-05-23
CVE-2017-11625 — Infinite Loop in Qpdf Project Qpdf | cvebase