Lucene search

GoogleOSV:SUSE-SU-2024:2173-1

HistoryJun 24, 2024 - 5:20 a.m.

Security update for qpdf

2024-06-2405:20:37

Google

osv.dev

qpdf

update

security

mishandled dictionary key

denial of service

cve-2018-9918

bsc#1089090

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

High

JSON

This update for qpdf fixes the following issues:

CVE-2018-9918: Fixed mishandled ‘expected dictionary key but found non-name object’ cases that could have allowed attackers to cause a denial of service. (bsc#1089090)

References

bugzilla.suse.com/1089090

www.suse.com/security/cve/CVE-2018-9918

www.suse.com/support/update/announcement/2024/suse-su-20242173-1/

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

High

JSON

Related for OSV:SUSE-SU-2024:2173-1