CVE-2017-11626

Priority
Negligible
Description
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which
allows attackers to cause a denial of service via a crafted file, related
to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after
four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite
loop."
References
Bugs
Package
Source: qpdf (LP Ubuntu Debian)
Upstream:released (7.0.0-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 17.04 (Zesty Zapus):ignored (reached end-of-life)
Ubuntu 17.10 (Artful Aardvark):not-affected (7.0.0-1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (7.0.0-1)
More Information

Updated: 2018-01-15 13:24:31 UTC (commit 14005)