Lucene search

[email protected]CVE-2022-34503

HistoryJul 22, 2022 - 3:15 p.m.

CVE-2022-34503

2022-07-2215:15:00

CWE-787

[email protected]

web.nvd.nist.gov

cve-2022-34503

qpdf

heap buffer overflow

processxrefstream

dos

pdf

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

30.3%

JSON

QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

CPENameOperatorVersion
qpdf_project:qpdfqpdf project qpdfeq8.4.2

CPE	Name	Operator	Version
qpdf_project:qpdf	qpdf project qpdf	eq	8.4.2

References

github.com/qpdf/qpdf/issues/701

Social References

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

30.3%

JSON

Related for CVE-2022-34503

redhatcve1 osv1 veracode1 nessus3 amazon1 ubuntucve1 debiancve1 prion1 suse1 openvas3