Astra Linux – Vulnerability in qpdf

A issue was discovered in QPDF version 10.0.4, allowing remote attackers to execute arbitrary code via a crafted .pdf file, through the PlASCII85Decoder::write parameter in libqpdf...

Astra Linux – Vulnerability in qpdf

QPDF versions 9.x through 9.1.1, and 10.x through 10.0.4 have a heap-based buffer overflow in the PlASCII85Decoder::write function invoked from PlAESPDF::flush and PlAESPDF::finish when a certain downstream write operation fails...

The vulnerability of the command-line PDF conversion tool QPDF lies in its memory usage after it is freed. This allows a malicious actor to execute arbitrary code.

The vulnerability of the command-line PDF conversion tool QPDF relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code by processing the PlASCII85Decoder::write parameter...

DEBIAN-CVE-2021-36978

QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in PlASCII85Decoder::write called from PlAESPDF::flush and PlAESPDF::finish when a certain downstream write fails...