Lucene search

[email protected]NVD:CVE-2022-34503

HistoryJul 22, 2022 - 3:15 p.m.

CVE-2022-34503

2022-07-2215:15:08

CWE-787

[email protected]

web.nvd.nist.gov

qpdf

v8.4.2

heap buffer overflow

vulnerability

denial of service

pdf file

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

31.4%

JSON

QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

Affected configurations

Nvd

Node

qpdf_projectqpdfMatch8.4.2

VendorProductVersionCPE
qpdf_projectqpdf8.4.2cpe:2.3:a:qpdf_project:qpdf:8.4.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qpdf_project	qpdf	8.4.2	cpe:2.3:a:qpdf_project:qpdf:8.4.2:::::::*

References

github.com/qpdf/qpdf/issues/701

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

31.4%

JSON

Related for NVD:CVE-2022-34503

osv1 redhatcve1 nessus3 veracode1 cvelist1 prion1 debiancve1 cve1 ubuntucve1 amazon1 suse1 openvas3