14 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-36978
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in PlASCII85Decoder::write called from PlAESPDF::flush and PlAESPDF::finish when...
RHEL 8 : qpdf (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - qpdf: Heap use after free in PlASCII85Decoder::write CVE-2021-25786 - qpdf: heap-based buffer overflow in...
Amazon Linux 2 : qpdf (ALAS-2024-2409)
The version of qpdf installed on the remote host is prior to 5.0.1-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2409 advisory. 2024-01-17: CVE-2021-36978 was added to this advisory. An issue was discovered in QPDF version 10.0.4, allows remote attacker...
Important: qpdf
Issue Overview: An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to PlASCII85Decoder::write parameter in libqpdf. CVE-2021-25786 QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in...
Debian: Security Advisory (DLA-3548-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Medium: qpdf
Issue Overview: QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in PlASCII85Decoder::write called from PlAESPDF::flush and PlAESPDF::finish when a certain downstream write fails. CVE-2021-36978 Affected Packages: qpdf Note: This advisory is applicable to Amazon Lin...
openSUSE: Security Advisory for qpdf (SUSE-SU-2022:3248-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : qpdf (SUSE-SU-2022:3248-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3248-1 advisory. - CVE-2021-36978: Fixed heap-based buffer overflow in PlASCII85Decoder::write bsc1188514. Tenable has...
SUSE SLES15 / openSUSE 15 Security Update : qpdf (SUSE-SU-2022:2670-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2670-1 advisory. - CVE-2022-34503: Fixed a heap buffer overflow via the function QPDF:processXRefStream bsc1201830. - CVE-2021-36978:...
SUSE: Security Advisory (SUSE-SU-2022:2670-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5026-2 qpdf vulnerabilities
USN-5026-1 fixed several vulnerabilities in QPDF. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to consume resources,...
USN-5026-1: QPDF vulnerabilities
It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to consume resources, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. CVE-2018-18020 It was discovered that QPDF incorrectly handled certa...
CVE-2021-36978
QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in PlASCII85Decoder::write called from PlAESPDF::flush and PlAESPDF::finish when a certain downstream write fails...
CVE-2021-36978
Summary: CVE-2021-36978 affects QPDF versions 9.x up to 9.1.1 and 10.x up to 10.0.4, due to a heap-based buffer overflow in Pl_ASCII85Decoder::write (invoked via Pl_AES_PDF::flush/finish) when a downstream write fails. This can enable arbitrary code execution or, per reports, cause crashes or ins...