Vulnerabilities > CVE-2021-25786 - Use After Free vulnerability in Qpdf Project Qpdf 10.0.4

CVSS 5.3 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

LOW

local

low complexity

qpdf-project

CWE-416

NVD

Published: 2023-08-11

Updated: 2023-09-27

Summary

An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf.

Vulnerable Configurations

Part	Description	Count
Application	Qpdf_Project Qpdf Project Qpdf 10.0.4	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://github.com/qpdf/qpdf/issues/492
https://lists.debian.org/debian-lts-announce/2023/08/msg00037.html