OSV-2020-863

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qpdf/OSV-2020-863.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2020-863
Published
2020-07-14T22:13:49.052148Z
Modified
2022-04-13T03:04:31.543182Z
Summary
Use-of-uninitialized-value in QPDFTokenizer::isSpace
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20391

Crash type: Use-of-uninitialized-value
Crash state:
QPDFTokenizer::isSpace
QPDFTokenizer::presentCharacter
QPDFTokenizer::readToken
References

Affected packages

OSS-Fuzz / qpdf

Package

Name
qpdf
Purl
pkg:generic/qpdf

Affected ranges

Type
GIT
Repo
https://github.com/qpdf/qpdf.git
Events
Introduced
793d987b5fdd55330f2c0df532114c0ce13a25af
Fixed
232f5fc9f3bed8e1b02bca5d10b2eca444e30f95

Affected versions

release-qpdf-10.*

release-qpdf-10.0.0
release-qpdf-10.0.1

release-qpdf-9.*

release-qpdf-9.0.0
release-qpdf-9.0.1
release-qpdf-9.0.2
release-qpdf-9.1.0
release-qpdf-9.1.1
release-qpdf-9.1.rc1

Ecosystem specific 

{
    "severity": "MEDIUM"
}