CVE-2017-11627

Published: 25 July 2017

A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop."

Priority

Negligible

CVSS 3 base score: 5.5

Status

Package Release Status
qpdf
Launchpad, Ubuntu, Debian
Upstream
Released (7.0.0-1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(7.0.0-1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (8.0.2-3~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [8.0.2-3~14.04.1])
Patches:
Upstream: https://github.com/qpdf/qpdf/commit/ac3c81a8edcb44e2669485630d6718c96a6ad6e9 (test)