A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
References
Link | Resource |
---|---|
http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf.html | Exploit Third Party Advisory |
https://github.com/qpdf/qpdf/issues/117 | Exploit Third Party Advisory |
https://usn.ubuntu.com/3638-1/ | |
http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf.html | Exploit Third Party Advisory |
https://github.com/qpdf/qpdf/issues/117 | Exploit Third Party Advisory |
https://usn.ubuntu.com/3638-1/ |
Configurations
History
21 Nov 2024, 03:08
Type | Values Removed | Values Added |
---|---|---|
References | () http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf.html - Exploit, Third Party Advisory | |
References | () https://github.com/qpdf/qpdf/issues/117 - Exploit, Third Party Advisory | |
References | () https://usn.ubuntu.com/3638-1/ - |
Information
Published : 2017-07-25 23:29
Updated : 2024-11-21 03:08
NVD link : CVE-2017-11624
Mitre link : CVE-2017-11624
CVE.ORG link : CVE-2017-11624
JSON object : View
Products Affected
qpdf_project
- qpdf
CWE
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')