A flaw was found in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter. This allows an attacker to cause a denial of service via a crafted file.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):