A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
{ "availability": "No subscription required", "ubuntu_priority": "negligible", "binaries": [ { "binary_version": "8.0.2-3~14.04.1", "binary_name": "libqpdf-dev" }, { "binary_version": "8.0.2-3~14.04.1", "binary_name": "libqpdf21" }, { "binary_version": "8.0.2-3~14.04.1", "binary_name": "libqpdf21-dbgsym" }, { "binary_version": "8.0.2-3~14.04.1", "binary_name": "qpdf" }, { "binary_version": "8.0.2-3~14.04.1", "binary_name": "qpdf-dbgsym" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "negligible", "binaries": [ { "binary_version": "8.0.2-3~16.04.1", "binary_name": "libqpdf-dev" }, { "binary_version": "8.0.2-3~16.04.1", "binary_name": "libqpdf21" }, { "binary_version": "8.0.2-3~16.04.1", "binary_name": "libqpdf21-dbgsym" }, { "binary_version": "8.0.2-3~16.04.1", "binary_name": "qpdf" }, { "binary_version": "8.0.2-3~16.04.1", "binary_name": "qpdf-dbgsym" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "negligible", "binaries": [ { "binary_version": "7.0.0-1", "binary_name": "libqpdf-dev" }, { "binary_version": "7.0.0-1", "binary_name": "libqpdf18" }, { "binary_version": "7.0.0-1", "binary_name": "libqpdf18-dbgsym" }, { "binary_version": "7.0.0-1", "binary_name": "qpdf" }, { "binary_version": "7.0.0-1", "binary_name": "qpdf-dbgsym" } ] }