A flaw was discovered in QPDF before 7.0.0. There is an infinite recursion loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc. This allows an attacker to cause a denial of service via a crafted file. External References: https://github.com/qpdf/qpdf/issues/143 Upstream Patch: https://github.com/qpdf/qpdf/commit/8249a26d69f72b9