A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
References
Link | Resource |
---|---|
http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf.html | Exploit Third Party Advisory |
https://github.com/qpdf/qpdf/issues/117 | Exploit Third Party Advisory |
https://usn.ubuntu.com/3638-1/ |
Configurations
History
No history.
Information
Published : 2017-07-25 23:29
Updated : 2024-02-04 19:29
NVD link : CVE-2017-11624
Mitre link : CVE-2017-11624
CVE.ORG link : CVE-2017-11624
JSON object : View
Products Affected
qpdf_project
- qpdf
CWE
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')