Qpdf

qpdf

Vendor: Qpdf Project • 19 CVEs

CVEs (19)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-24246 2Fedoraproject Qpdf Project 2Fedora Qpdf Nov 4, 2025 Feb 29, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.
CVE-2021-25786 1Qpdf Project 1Qpdf Nov 21, 2024 Aug 11, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf.
CVE-2022-34503 1Qpdf Project 1Qpdf Nov 21, 2024 Jul 22, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
CVE-2021-36978 1Qpdf Project 1Qpdf Nov 21, 2024 Jul 20, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails.
CVE-2018-18020 1Qpdf Project 1Qpdf Nov 21, 2024 Oct 6, 2018 N/A· v4 3.3 LOW· v3 4.3 MEDIUM· v2 In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a crafted PDF file.
CVE-2018-9918 2Canonical Qpdf Project 2Qpdf Ubuntu Linux Nov 21, 2024 Apr 10, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and...Show more libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted.Show less
CVE-2017-18186 1Qpdf Project 1Qpdf Nov 21, 2024 Feb 13, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc.
CVE-2017-18185 1Qpdf Project 1Qpdf Nov 21, 2024 Feb 13, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter.
CVE-2017-18184 1Qpdf Project 1Qpdf Nov 21, 2024 Feb 13, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc.
CVE-2017-18183 1Qpdf Project 1Qpdf Nov 21, 2024 Feb 13, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc.
CVE-2015-9252 1Qpdf Project 1Qpdf Nov 21, 2024 Feb 13, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc.
CVE-2017-12595 1Qpdf Project 1Qpdf May 13, 2026 Aug 27, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other im...Show more The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc.Show less
CVE-2017-11627 1Qpdf Project 1Qpdf May 13, 2026 Jul 25, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite lo...Show more A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop."Show less
CVE-2017-11626 1Qpdf Project 1Qpdf May 13, 2026 Jul 25, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc afte...Show more A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."Show less
CVE-2017-11625 1Qpdf Project 1Qpdf May 13, 2026 Jul 25, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infin...Show more A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."Show less
CVE-2017-11624 1Qpdf Project 1Qpdf May 13, 2026 Jul 25, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc afte...Show more A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."Show less
CVE-2017-9210 2Canonical Qpdf Project 2Qpdf Ubuntu Linux May 13, 2026 May 23, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.
CVE-2017-9209 2Canonical Qpdf Project 2Qpdf Ubuntu Linux May 13, 2026 May 23, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2.
CVE-2017-9208 2Canonical Qpdf Project 2Qpdf Ubuntu Linux May 13, 2026 May 23, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.