Bug 1545268 (CVE-2015-9252)

Summary: CVE-2015-9252 qpdf: Infinite loop in QPDFTokenizer::resolveLiteral in QPDFTokenizer.cc
Product: [Other] Security Response Reporter: Laura Pardo <lpardo>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: jpopelka, twaugh, zdohnal
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: qpdf 7.1.1 Doc Type: If docs needed, set a value
Doc Text:
An unbounded recursion flaw leading to stack exhaustion was found in the way QPDF parsed PDF files. An attacker could potentially use this flaw to crash QPDF by tricking it into processing crafted PDF files.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-08 03:39:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1554713    
Bug Blocks: 1545293    

Description Laura Pardo 2018-02-14 14:05:34 UTC 
An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc.


External References:

https://github.com/qpdf/qpdf/issues/51

Upstream Patch:

https://github.com/qpdf/qpdf/commit/701b518d5c56a1449825a3a37a716c58e05e1c3e