Bug 1545268 (CVE-2015-9252) - CVE-2015-9252 qpdf: Infinite loop in QPDFTokenizer::resolveLiteral in QPDFTokenizer.cc
Summary: CVE-2015-9252 qpdf: Infinite loop in QPDFTokenizer::resolveLiteral in QPDFTok...
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2015-9252
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=low,public=20150902,reported=2...
Depends On: 1554713
Blocks: 1545293
TreeView+ depends on / blocked
 
Reported: 2018-02-14 14:05 UTC by Laura Pardo
Modified: 2019-06-11 11:13 UTC (History)
3 users (show)

Fixed In Version: qpdf 7.1.1
Doc Type: If docs needed, set a value
Doc Text:
An unbounded recursion flaw leading to stack exhaustion was found in the way QPDF parsed PDF files. An attacker could potentially use this flaw to crash QPDF by tricking it into processing crafted PDF files.
Clone Of:
Environment:
Last Closed: 2019-06-08 03:39:58 UTC


Attachments (Terms of Use)

Description Laura Pardo 2018-02-14 14:05:34 UTC
An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc.


External References:

https://github.com/qpdf/qpdf/issues/51

Upstream Patch:

https://github.com/qpdf/qpdf/commit/701b518d5c56a1449825a3a37a716c58e05e1c3e


Note You need to log in before you can comment on or make changes to this bug.