A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop".

Upstream bug:
https://github.com/qpdf/qpdf/issues/118

Upstream patch:
https://github.com/jberkenbilt/qpdf/commit/2f56805a397b4d264bcfdfc248765990084c2933
https://github.com/jberkenbilt/qpdf/commit/97c9344c4b878ddc4723486640688d2d3d38ad32
https://github.com/qpdf/qpdf/commit/ac3c81a8edcb44e2669485630d6718c96a6ad6e9

References:
http://somevulnsofadlab.blogspot.com.br/2017/07/qpdfan-infinite-loop-in-libqpdf_21.html
Created qpdf tracking bugs for this issue:
Affects: epel-6 [bug 1475519]
Affects: fedora-all [bug 1475518]
Upstream patches from comment#0 add tests for this issue. Actual upstream patches:
https://github.com/qpdf/qpdf/commit/701b518d5c56a1449825a3a37a716c58e05e1c3e
https://github.com/qpdf/qpdf/commit/afe0242b263a9e1a8d51dd81e42ab6de2e5127eb
https://github.com/qpdf/qpdf/commit/315092dd98d5230ef0efa18b294d464d0e9f79d0
https://github.com/qpdf/qpdf/commit/603f222365252f1a1e20303b3dbe52466be3053b