1984609 – (CVE-2021-36978) CVE-2021-36978 qpdf: heap-based buffer overflow in Pl_ASCII85Decoder::write() when a certain downstream write fails

Bug 1984609 (CVE-2021-36978) - CVE-2021-36978 qpdf: heap-based buffer overflow in Pl_ASCII85Decoder::write() when a certain downstream write fails

Summary: CVE-2021-36978 qpdf: heap-based buffer overflow in Pl_ASCII85Decoder::write()...

Keywords:
Status:	NEW
Alias:	CVE-2021-36978
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1984610 1986720 1986721
Blocks:	1984611
TreeView+	depends on / blocked

Reported:	2021-07-21 18:35 UTC by Guilherme de Almeida Suckevicz
Modified:	2023-07-07 08:29 UTC (History)
CC List:	2 users (show)
Fixed In Version:	qpdf 10.1.0
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-07-22 12:05:57 UTC
Embargoed:

Attachments	(Terms of Use)

Description Guilherme de Almeida Suckevicz 2021-07-21 18:35:33 UTC

QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails.

Reference:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28262

Upstream patch:
https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5

Comment 1 Guilherme de Almeida Suckevicz 2021-07-21 18:35:50 UTC

Created qpdf tracking bugs for this issue:

Affects: fedora-all [bug 1984610]

Comment 2 Zdenek Dohnal 2021-07-22 12:05:57 UTC

Fixed in 10.1.0 and later, already covered by Fedora's qpdf.

Comment 3 Zdenek Dohnal 2021-07-22 12:16:06 UTC

Sorry, the bad bug.

Note You need to log in before you can comment on or make changes to this bug.