CVE-2017-18185: Out-of-bounds Read in Project Qpdf

CWE-125: Out-of-bounds Read
8 documents, 8 sources
Severity: 5.5 MEDIUM (NVD)
EPSS: 0.2% (top 63.61%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Feb 13
Latest update: May 14

Description

An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (2 packages)

NVD: qpdf_project/qpdf < 7.0.0
Debian: qpdf_project/qpdf < 7.0.0-1+3

Patches

🔴 Vulnerability Details (3)

GHSA
GHSA-36w8-h6xw-wxr6: An issue was discovered in QPDF before 7 (2022-05-14)
CVEList
CVE-2017-18185: An issue was discovered in QPDF before 7 (2018-02-13)
OSV
CVE-2017-18185: An issue was discovered in QPDF before 7 (2018-02-13)

📋 Vendor Advisories (3)

Ubuntu
QPDF vulnerabilities (2018-05-07)
Red Hat
qpdf: large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc (2017-08-27)
Debian
CVE-2017-18185: qpdf - An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of... (2017)

💬 Community (1)

Bugzilla
CVE-2017-18185 qpdf: large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc (2018-02-14)