Vulnerabilities > Qpdf Project

DATE CVE VULNERABILITY TITLE RISK
2024-02-29 CVE-2024-24246 Out-of-bounds Write vulnerability in multiple products
Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.
local
low complexity
qpdf-project fedoraproject CWE-787
5.5
2023-08-11 CVE-2021-25786 Use After Free vulnerability in Qpdf Project Qpdf 10.0.4
An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf.
local
low complexity
qpdf-project CWE-416
5.3
2022-07-22 CVE-2022-34503 Out-of-bounds Write vulnerability in Qpdf Project Qpdf 8.4.2
QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream.
network
low complexity
qpdf-project CWE-787
6.5
2021-07-20 CVE-2021-36978 Out-of-bounds Write vulnerability in Qpdf Project Qpdf
QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails.
local
low complexity
qpdf-project CWE-787
5.5
2018-10-06 CVE-2018-18020 Uncontrolled Recursion vulnerability in Qpdf Project Qpdf 8.2.1
In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a crafted PDF file.
local
low complexity
qpdf-project CWE-674
3.3
2018-04-10 CVE-2018-9918 Uncontrolled Recursion vulnerability in multiple products
libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted.
local
low complexity
qpdf-project canonical CWE-674
7.8
2018-02-13 CVE-2017-18186 Infinite Loop vulnerability in Qpdf Project Qpdf
An issue was discovered in QPDF before 7.0.0.
local
low complexity
qpdf-project CWE-835
5.5
2018-02-13 CVE-2017-18185 Out-of-bounds Read vulnerability in Qpdf Project Qpdf
An issue was discovered in QPDF before 7.0.0.
local
low complexity
qpdf-project CWE-125
5.5
2018-02-13 CVE-2017-18184 Out-of-bounds Read vulnerability in Qpdf Project Qpdf
An issue was discovered in QPDF before 7.0.0.
local
low complexity
qpdf-project CWE-125
5.5
2018-02-13 CVE-2017-18183 Infinite Loop vulnerability in Qpdf Project Qpdf
An issue was discovered in QPDF before 7.0.0.
local
low complexity
qpdf-project CWE-835
5.5