CVE-2017-11626

Priority
Negligible
Description
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which
allows attackers to cause a denial of service via a crafted file, related
to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after
four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite
loop."
References
Bugs
Package
Source: qpdf (LP Ubuntu Debian)
Upstream:needed
Ubuntu 17.10 (Artful Aardvark):needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 17.04 (Zesty Zapus):needed
More Information

Updated: 2017-08-17 16:14:13 UTC (commit 13123)