OSV-2024-18

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qpdf/OSV-2024-18.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2024-18
Published
2024-01-19T00:01:09.084916Z
Modified
2025-01-10T05:03:37.159682Z
Summary
Heap-use-after-free in QPDF::read_xref
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65777

Crash type: Heap-use-after-free READ 8
Crash state:
QPDF::read_xref
QPDF::reconstruct_xref
QPDF::parse
References

Affected packages

OSS-Fuzz / qpdf

Package

Name
qpdf
Purl
pkg:generic/qpdf

Affected ranges

Affected versions

v11.*
v11.8.0

Ecosystem specific

{
    "severity": "HIGH"
}

Database specific

fixed_range
"0109e365decfdc2e8fbb920b4179d32daeeb96ae:6b80e0f14b296c21d38a92e25af72da9bf5757ae"
source
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qpdf/OSV-2024-18.yaml"