CVE-2017-11626

Published: Jul 25, 2017Modified: May 13, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."

Affected (1)

Products: Qpdf Project: Qpdf

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Qpdf Project Qpdf	Version 6.0.0

Related CWEs

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (6)

http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_65.html

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/qpdf/qpdf/issues/119

Source: cve@mitre.org

ExploitThird Party Advisory

https://usn.ubuntu.com/3638-1/

Source: cve@mitre.org

http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_65.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://github.com/qpdf/qpdf/issues/119

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://usn.ubuntu.com/3638-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.