CVE-2017-11626

Published: 07/25/2017 23:29:00
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
MEDIUM
CVSS v3: 5.5

Status

DocFilters Release Package State Justification Comment
25.1 qpdf (8.4.0) Not Affected Code Not Present 8.4.0 does not match CVE configuration.
24.4 qpdf (8.4.0) Not Affected Code Not Present 8.4.0 does not match CVE configuration.
24.4.0 qpdf (8.4.0) Not Affected Code Not Present 8.4.0 does not match CVE configuration.
24.3 qpdf (8.4.0) Not Affected Code Not Present 8.4.0 does not match CVE configuration.
24.2.1 qpdf (8.4.0) Not Affected Code Not Present 8.4.0 does not match CVE configuration.
24.2 qpdf (8.4.0) Not Affected Code Not Present 8.4.0 does not match CVE configuration.
24.1 qpdf (8.4.0) Not Affected Code Not Present 8.4.0 does not match CVE configuration.
23.3 qpdf (8.4.0) Not Affected Code Not Present 8.4.0 does not match CVE configuration.
23.2.1 qpdf (8.4.0) Not Affected Code Not Present 8.4.0 does not match CVE configuration.
23.2 qpdf (8.4.0) Not Affected Code Not Present 8.4.0 does not match CVE configuration.
23.1 qpdf (8.4.0) Not Affected Code Not Present 8.4.0 does not match CVE configuration.
22.4 qpdf (8.4.0) Not Affected Code Not Present 8.4.0 does not match CVE configuration.
22.3 qpdf (8.0.0) Not Affected Code Not Present 8.0.0 does not match CVE configuration.
22.2 qpdf (8.0.0) Not Affected Code Not Present 8.0.0 does not match CVE configuration.
22.1 qpdf (8.0.0) Not Affected Code Not Present 8.0.0 does not match CVE configuration.
21.11.1 qpdf (8.0.0) Not Affected Code Not Present 8.0.0 does not match CVE configuration.
21.11 qpdf (8.0.0) Not Affected Code Not Present 8.0.0 does not match CVE configuration.
21.8.1 qpdf (8.0.0) Not Affected Code Not Present 8.0.0 does not match CVE configuration.
21.8 qpdf (8.0.0) Not Affected Code Not Present 8.0.0 does not match CVE configuration.
21.5.1 qpdf (8.0.0) Not Affected Code Not Present 8.0.0 does not match CVE configuration.
21.5.0 qpdf (8.0.0) Not Affected Code Not Present 8.0.0 does not match CVE configuration.
21.2.0 qpdf (8.0.0) Not Affected Code Not Present 8.0.0 does not match CVE configuration.
11.4.20 qpdf (8.0.0) Not Affected Code Not Present 8.0.0 does not match CVE configuration.
11.4.19.3667 qpdf (8.0.0) Not Affected Code Not Present 8.0.0 does not match CVE configuration.
11.4.18.3599 qpdf (8.0.0) Not Affected Code Not Present 8.0.0 does not match CVE configuration.
11.4.17 qpdf (8.0.0) Not Affected Code Not Present 8.0.0 does not match CVE configuration.
11.4.16.3445 qpdf (8.0.0) Not Affected Code Not Present 8.0.0 does not match CVE configuration.
11.4.15.3368 qpdf (8.0.0) Not Affected Code Not Present 8.0.0 does not match CVE configuration.
11.4.14.3263 qpdf (8.0.0) Not Affected Code Not Present 8.0.0 does not match CVE configuration.
11.4.13.3179 qpdf (8.0.0) Not Affected Code Not Present 8.0.0 does not match CVE configuration.
11.4.12.3054 qpdf (8.0.0) Not Affected Code Not Present 8.0.0 does not match CVE configuration.
11.4.11.3040 qpdf (8.0.0) Not Affected Code Not Present 8.0.0 does not match CVE configuration.
11.4.11.2990 qpdf (8.0.0) Not Affected Code Not Present 8.0.0 does not match CVE configuration.
11.4.10.2934 qpdf (8.0.0) Not Affected Code Not Present 8.0.0 does not match CVE configuration.
11.4.9.2878 qpdf (8.0.0) Not Affected Code Not Present 8.0.0 does not match CVE configuration.
11.4.8.2822 qpdf (8.0.0) Not Affected Code Not Present 8.0.0 does not match CVE configuration.

Severity score breakdown

Attack Complexity
LOW
Attack Vector
LOCAL
Availability Impact
HIGH
Base Score
5.5
Base Severity
MEDIUM
Confidentiality Impact
NONE
Integrity Impact
NONE
Privileges Required
NONE
Scope
UNCHANGED
User Interaction
REQUIRED
Vector String
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Version
3.0

References