CVE-2024-24246 — Out-of-bounds Write in Project Qpdf

CWE-787 — Out-of-bounds Write CWE-122 — Heap-based Buffer Overflow CWE-126 — Buffer Over-read7 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 74.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qpdf Project Qpdf Fedoraproject Fedora

Timeline

PublishedFeb 29

Latest updateMar 25

Description

Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Debianqpdf_project/qpdf< 11.9.0-1+1

▶NVDqpdf_project/qpdf11.9.0

Also affects: Fedora 38, 39, 40

🔴Vulnerability Details

CVEList

CVE-2024-24246: Heap Buffer Overflow vulnerability in qpdf 11↗2024-02-29

▶

GHSA

GHSA-6733-f273-8q48: Heap Buffer Overflow vulnerability in qpdf 11↗2024-02-29

▶

OSV

CVE-2024-24246: Heap Buffer Overflow vulnerability in qpdf 11↗2024-02-29

▶

📋Vendor Advisories

Ubuntu

QPDF vulnerability↗2024-03-25

▶

Red Hat

qpdf: Heap Buffer Overflow vulnerability in qpdf↗2024-02-29

▶

Debian

CVE-2024-24246: qpdf - Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the ...↗2024

▶