CVE-2021-36978

Published: 20 July 2021

QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package: qpdf (Launchpad, Ubuntu, Debian)

Release     Status
bionic      Released (8.0.2-3ubuntu0.1)
focal       Released (9.1.1-1ubuntu0.1)
hirsute     Not vulnerable (10.3.1-1)
impish      Not vulnerable
jammy       Not vulnerable
trusty      Does not exist
upstream    Released (10.1.0-1)
xenial      Released (8.0.2-3~16.04.1+esm1)