Lucene search
K

14 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2021-36978

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in PlASCII85Decoder::write called from PlAESPDF::flush and PlAESPDF::finish when...

5.5CVSS5.3AI score0.01272EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.28 views

RHEL 8 : qpdf (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - qpdf: Heap use after free in PlASCII85Decoder::write CVE-2021-25786 - qpdf: heap-based buffer overflow in...

5.5CVSS5.1AI score0.01281EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2024/01/09 12:0 a.m.27 views

Amazon Linux 2 : qpdf (ALAS-2024-2409)

The version of qpdf installed on the remote host is prior to 5.0.1-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2409 advisory. 2024-01-17: CVE-2021-36978 was added to this advisory. An issue was discovered in QPDF version 10.0.4, allows remote attacker...

5.5CVSS6.1AI score0.01272EPSS
Exploits1References6
Amazon
Amazon
added 2024/01/09 12:0 a.m.4 views

Important: qpdf

Issue Overview: An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to PlASCII85Decoder::write parameter in libqpdf. CVE-2021-25786 QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in...

5.5CVSS8.5AI score0.01272EPSS
Exploits1
OpenVAS
OpenVAS
added 2023/08/31 12:0 a.m.15 views

Debian: Security Advisory (DLA-3548-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS4.9AI score0.01281EPSS
Exploits2References4
Amazon
Amazon
added 2023/06/27 12:0 a.m.20 views

Medium: qpdf

Issue Overview: QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in PlASCII85Decoder::write called from PlAESPDF::flush and PlAESPDF::finish when a certain downstream write fails. CVE-2021-36978 Affected Packages: qpdf Note: This advisory is applicable to Amazon Lin...

5.5CVSS5AI score0.01272EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/09/13 12:0 a.m.24 views

openSUSE: Security Advisory for qpdf (SUSE-SU-2022:3248-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.5CVSS5.7AI score0.01272EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/09/13 12:0 a.m.27 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : qpdf (SUSE-SU-2022:3248-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3248-1 advisory. - CVE-2021-36978: Fixed heap-based buffer overflow in PlASCII85Decoder::write bsc1188514. Tenable has...

5.5CVSS6.1AI score0.01272EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/08/05 12:0 a.m.44 views

SUSE SLES15 / openSUSE 15 Security Update : qpdf (SUSE-SU-2022:2670-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2670-1 advisory. - CVE-2022-34503: Fixed a heap buffer overflow via the function QPDF:processXRefStream bsc1201830. - CVE-2021-36978:...

6.5CVSS6.3AI score0.01272EPSS
Exploits1References7
OpenVAS
OpenVAS
added 2022/08/05 12:0 a.m.17 views

SUSE: Security Advisory (SUSE-SU-2022:2670-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS4.3AI score0.01272EPSS
Exploits1References5
OSV
OSV
added 2021/08/02 2:15 p.m.5 views

USN-5026-2 qpdf vulnerabilities

USN-5026-1 fixed several vulnerabilities in QPDF. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to consume resources,...

5.5CVSS6AI score0.01281EPSS
Exploits2References3
Ubuntu
Ubuntu
added 2021/07/29 4:28 p.m.112 views

USN-5026-1: QPDF vulnerabilities

It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to consume resources, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. CVE-2018-18020 It was discovered that QPDF incorrectly handled certa...

5.5CVSS5.4AI score0.01281EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2021/07/20 7:15 a.m.23 views

CVE-2021-36978

QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in PlASCII85Decoder::write called from PlAESPDF::flush and PlAESPDF::finish when a certain downstream write fails...

5.5CVSS5.9AI score0.01272EPSS
Exploits0References4
CVE
CVE
added 2021/07/20 12:0 a.m.106 views

CVE-2021-36978

Summary: CVE-2021-36978 affects QPDF versions 9.x up to 9.1.1 and 10.x up to 10.0.4, due to a heap-based buffer overflow in Pl_ASCII85Decoder::write (invoked via Pl_AES_PDF::flush/finish) when a downstream write fails. This can enable arbitrary code execution or, per reports, cause crashes or ins...

5.5CVSS5.7AI score0.01272EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder