A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an infinite loop.
Weakness
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Qpdf | Qpdf_project | 6.0.0 (including) | 6.0.0 (including) |
| Qpdf | Ubuntu | esm-infra/xenial | * |
| Qpdf | Ubuntu | trusty | * |
| Qpdf | Ubuntu | upstream | * |
| Qpdf | Ubuntu | xenial | * |
| Qpdf | Ubuntu | zesty | * |
References
- http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_65.html
- https://github.com/qpdf/qpdf/issues/119
- https://usn.ubuntu.com/3638-1/
- http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_65.html
- https://github.com/qpdf/qpdf/issues/119
- https://usn.ubuntu.com/3638-1/