Bug 1545272 (CVE-2017-18183)

Summary: CVE-2017-18183 qpdf: Infinite Loop in QPDFWriter::enqueueObject in libqpdf/QPDFWriter.cc
Product: [Other] Security Response Reporter: Laura Pardo <lpardo>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: jpopelka, twaugh, zdohnal
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: qpdf 7.1.1 Doc Type: If docs needed, set a value
Doc Text:
An unbounded recursion flaw leading to stack exhaustion was found in the way QPDF parsed PDF files. An attacker could potentially use this flaw to crash QPDF by tricking it into processing crafted QPDF files.
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-08 03:39:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1554691, 1554704    
Bug Blocks: 1545293    

Description Laura Pardo 2018-02-14 14:14:26 UTC
A flaw was discovered in QPDF before 7.0.0. There is an infinite recursion loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc. This allows an attacker to cause a denial of service via a crafted file.


External References:

https://github.com/qpdf/qpdf/issues/143

Upstream Patch:

https://github.com/qpdf/qpdf/commit/8249a26d69f72b9