PublicDateAtUSN: 2017-07-25
Candidate: CVE-2017-11627
PublicDate: 2017-07-25 23:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11627
 http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_21.html
 https://ubuntu.com/security/notices/USN-3638-1
Description:
 A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which
 allows attackers to cause a denial of service via a crafted file, related
 to the PointerHolder function in PointerHolder.hh, aka an "infinite loop."
Ubuntu-Description:
Notes:
 mdeslaur> fixed by one of the other infinite loop CVEs
Bugs:
 https://github.com/qpdf/qpdf/issues/118
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871320
Priority: negligible
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]

Patches_qpdf:
 upstream: https://github.com/qpdf/qpdf/commit/ac3c81a8edcb44e2669485630d6718c96a6ad6e9 (test)
upstream_qpdf: released (7.0.0-1)
precise/esm_qpdf: DNE
trusty_qpdf: released (8.0.2-3~14.04.1)
trusty/esm_qpdf: DNE (trusty was released [8.0.2-3~14.04.1])
vivid/ubuntu-core_qpdf: DNE
xenial_qpdf: released (8.0.2-3~16.04.1)
esm-infra/xenial_qpdf: released (8.0.2-3~16.04.1)
zesty_qpdf: ignored (reached end-of-life)
artful_qpdf: not-affected (7.0.0-1)
bionic_qpdf: not-affected (7.0.0-1)
devel_qpdf: not-affected (7.0.0-1)