Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
Qpdf ProjectQpdf

19 matches found

CVE
CVEadded 2024/02/29 8:15 p.m.599 views

CVE-2024-24246

Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.

5.5CVSS5.2AI score0.0016EPSS
CVE
CVEadded 2017/07/25 11:29 p.m.95 views

CVE-2017-11624

A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite lo...

5.5CVSS5.5AI score0.00338EPSS
CVE
CVEadded 2017/07/25 11:29 p.m.95 views

CVE-2017-11626

A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite l...

5.5CVSS5.5AI score0.00338EPSS
CVE
CVEadded 2017/08/27 3:29 p.m.88 views

CVE-2017-12595

The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash ...

7.8CVSS7.9AI score0.00973EPSS
CVE
CVEadded 2017/07/25 11:29 p.m.87 views

CVE-2017-11625

A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."

5.5CVSS5.5AI score0.00306EPSS
CVE
CVEadded 2017/05/23 4:29 a.m.86 views

CVE-2017-9208

libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.

5.5CVSS5.2AI score0.00432EPSS
CVE
CVEadded 2017/07/25 11:29 p.m.85 views

CVE-2017-11627

A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop."

5.5CVSS5.7AI score0.00294EPSS
CVE
CVEadded 2017/05/23 4:29 a.m.84 views

CVE-2017-9210

libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.

5.5CVSS5.2AI score0.00283EPSS
CVE
CVEadded 2021/07/20 7:15 a.m.83 views

CVE-2021-36978

QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails.

5.5CVSS5.7AI score0.00079EPSS
CVE
CVEadded 2017/05/23 4:29 a.m.82 views

CVE-2017-9209

libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2.

5.5CVSS5.2AI score0.00232EPSS
CVE
CVEadded 2018/02/13 7:29 p.m.65 views

CVE-2017-18186

An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc.

5.5CVSS5.4AI score0.00323EPSS
CVE
CVEadded 2018/02/13 7:29 p.m.59 views

CVE-2017-18183

An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc.

5.5CVSS5.5AI score0.00323EPSS
CVE
CVEadded 2018/02/13 7:29 p.m.56 views

CVE-2015-9252

An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc.

5.5CVSS5.4AI score0.00314EPSS
CVE
CVEadded 2018/04/10 6:29 p.m.56 views

CVE-2018-9918

libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted.

7.8CVSS7.2AI score0.00107EPSS
CVE
CVEadded 2022/07/22 3:15 p.m.56 views

CVE-2022-34503

QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

6.5CVSS6.2AI score0.00101EPSS
CVE
CVEadded 2023/08/11 2:15 p.m.54 views

CVE-2021-25786

An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf.

5.3CVSS5.8AI score0.00302EPSS
CVE
CVEadded 2018/02/13 7:29 p.m.53 views

CVE-2017-18184

An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc.

5.5CVSS5.5AI score0.00101EPSS
CVE
CVEadded 2018/02/13 7:29 p.m.53 views

CVE-2017-18185

An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter.

5.5CVSS5.6AI score0.00156EPSS
CVE
CVEadded 2018/10/06 2:29 p.m.49 views

CVE-2018-18020

In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a crafted PDF file.

4.3CVSS4.4AI score0.00107EPSS