Jay Berkenbilt - Security Researcher - Exploit Intelligence Platform

CVE-2015-9252 WRITEUP MEDIUM WRITEUP

qpdf < 7.0.0 - Denial of Service via Endless Recursion in QPDFTokenizer::resolveLiteral()

An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc.

CVSS 5.5

View Code

CVE-2017-12595 WRITEUP HIGH WRITEUP

qpdf 6.0.0 and 7.0.b1 - Denial of Service via Deep PDF Data Structure

The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc.

CVSS 7.8

View Code

CVE-2018-9918 WRITEUP HIGH WRITEUP

qpdf < 8.0.2 - Denial of Service via Uncontrolled Recursion in QPDFObjectHandle

libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted.

CVSS 7.8

View Code