CVE-2021-25786

Source
https://cve.org/CVERecord?id=CVE-2021-25786
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25786.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-25786
Downstream
Published
2023-08-11T14:15:11.987Z
Modified
2026-07-09T01:30:18.970922Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVSS Calculator
Summary
[none]
Details

An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf.

References

Affected packages

Git / github.com/qpdf/qpdf

Affected ranges

Type
GIT
Repo
https://github.com/qpdf/qpdf
Events
Database specific
{
    "cpe": "cpe:2.3:a:qpdf_project:qpdf:10.0.4:*:*:*:*:*:*:*",
    "source": "CPE_STRING",
    "extracted_events": [
        {
            "introduced": "10.0.4"
        },
        {
            "last_affected": "10.0.4"
        }
    ]
}

Affected versions

10.*
10.0.4
release-qpdf-10.*
release-qpdf-10.0.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25786.json"