QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. https://github.com/qpdf/qpdf/issues/701
Created qpdf tracking bugs for this issue: Affects: fedora-all [bug 2111329]
I cannot reproduce in RHEL 8 or RHEL 9 as well.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-34503