PublicDateAtUSN: 2018-02-13
Candidate: CVE-2015-9252
PublicDate: 2018-02-13 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9252
 https://ubuntu.com/security/notices/USN-3638-1
Description:
 An issue was discovered in QPDF before 7.0.0. Endless recursion causes
 stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc,
 related to the QPDF::resolve function in QPDF.cc.
Ubuntu-Description:
Notes:
 mdeslaur> this patch breaks ABI
Bugs:
 https://github.com/qpdf/qpdf/issues/51
Priority: low
Discovered-by: Hanno Böck
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]


Patches_qpdf:
 upstream: https://github.com/qpdf/qpdf/commit/701b518d5c56a1449825a3a37a716c58e05e1c3e
upstream_qpdf: released (7.0.0-1)
precise/esm_qpdf: DNE
trusty_qpdf: released (8.0.2-3~14.04.1)
trusty/esm_qpdf: DNE (trusty was released [8.0.2-3~14.04.1])
xenial_qpdf: released (8.0.2-3~16.04.1)
esm-infra/xenial_qpdf: released (8.0.2-3~16.04.1)
artful_qpdf: not-affected (7.0.0-1)
bionic_qpdf: not-affected
devel_qpdf: not-affected