A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an infinite loop.
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Qpdf | Qpdf_project | 6.0.0 (including) | 6.0.0 (including) |
Qpdf | Ubuntu | trusty | * |
Qpdf | Ubuntu | upstream | * |
Qpdf | Ubuntu | xenial | * |
Qpdf | Ubuntu | zesty | * |