CVE-2017-11627

A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop."
Infinite Loop
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Affected Products (NVD)
VendorProductVersion
qpdf_projectqpdf
6.0.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qpdf
bookworm
11.3.0-1+deb12u1
fixed
bullseye
10.1.0-1
fixed
jessie
no-dsa
sid
11.9.1-1
fixed
stretch
no-dsa
trixie
11.9.1-1
fixed
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qpdf
artful
not-affected
bionic
not-affected
trusty
Fixed 8.0.2-3~14.04.1
released
xenial
Fixed 8.0.2-3~16.04.1
released
zesty
ignored
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
cups-filters
suse enterprise sap 12 SP1
1.0.58-15.2.1
fixed
suse enterprise sap 12 SP2
1.0.58-15.2.1
fixed
suse enterprise sap 12 SP3
1.0.58-19.2.3
fixed
suse enterprise server 12
1.0.58-15.2.1
fixed
suse enterprise server 12 SP1
1.0.58-15.2.1
fixed
suse enterprise server 12 SP2
1.0.58-15.2.1
fixed
suse enterprise server 12 SP3
1.0.58-19.2.3
fixed
cups-filters-cups-browsed
suse enterprise sap 12 SP1
1.0.58-15.2.1
fixed
suse enterprise sap 12 SP2
1.0.58-15.2.1
fixed
suse enterprise sap 12 SP3
1.0.58-19.2.3
fixed
suse enterprise server 12
1.0.58-15.2.1
fixed
suse enterprise server 12 SP1
1.0.58-15.2.1
fixed
suse enterprise server 12 SP2
1.0.58-15.2.1
fixed
suse enterprise server 12 SP3
1.0.58-19.2.3
fixed
cups-filters-foomatic-rip
suse enterprise sap 12 SP1
1.0.58-15.2.1
fixed
suse enterprise sap 12 SP2
1.0.58-15.2.1
fixed
suse enterprise sap 12 SP3
1.0.58-19.2.3
fixed
suse enterprise server 12
1.0.58-15.2.1
fixed
suse enterprise server 12 SP1
1.0.58-15.2.1
fixed
suse enterprise server 12 SP2
1.0.58-15.2.1
fixed
suse enterprise server 12 SP3
1.0.58-19.2.3
fixed
cups-filters-ghostscript
suse enterprise sap 12 SP1
1.0.58-15.2.1
fixed
suse enterprise sap 12 SP2
1.0.58-15.2.1
fixed
suse enterprise sap 12 SP3
1.0.58-19.2.3
fixed
suse enterprise server 12
1.0.58-15.2.1
fixed
suse enterprise server 12 SP1
1.0.58-15.2.1
fixed
suse enterprise server 12 SP2
1.0.58-15.2.1
fixed
suse enterprise server 12 SP3
1.0.58-19.2.3
fixed
libqpdf18
suse enterprise sap 12 SP1
7.1.1-3.3.4
fixed
suse enterprise sap 12 SP2
7.1.1-3.3.4
fixed
suse enterprise sap 12 SP3
7.1.1-3.3.4
fixed
suse enterprise sap 12 SP5
7.1.1-3.3.4
fixed
suse enterprise server 12
7.1.1-3.3.4
fixed
suse enterprise server 12 SP1
7.1.1-3.3.4
fixed
suse enterprise server 12 SP2
7.1.1-3.3.4
fixed
suse enterprise server 12 SP3
7.1.1-3.3.4
fixed
suse enterprise server 12 SP4
7.1.1-3.3.4
fixed
suse enterprise server 12 SP5
7.1.1-3.3.4
fixed
libqpdf21
suse enterprise desktop 15
8.0.2-1.5
fixed
suse enterprise desktop 15 SP1
8.0.2-1.5
fixed
suse enterprise sap 15
8.0.2-1.5
fixed
suse enterprise sap 15 SP1
8.0.2-1.5
fixed
suse enterprise server 15
8.0.2-1.5
fixed
suse enterprise server 15 SP1
8.0.2-1.5
fixed
libqpdf26
suse enterprise desktop 15 SP2
9.0.2-1.36
fixed
suse enterprise desktop 15 SP3
9.0.2-1.36
fixed
suse enterprise desktop 15 SP4
9.0.2-1.36
fixed
suse enterprise desktop 15 SP5
9.0.2-150200.3.3.1
fixed
suse enterprise desktop 15 SP6
9.0.2-150200.3.3.1
fixed
suse enterprise desktop 15 SP7
9.0.2-150200.3.3.1
fixed
suse enterprise sap 15 SP2
9.0.2-1.36
fixed
suse enterprise sap 15 SP3
9.0.2-1.36
fixed
suse enterprise sap 15 SP4
9.0.2-1.36
fixed
suse enterprise sap 15 SP5
9.0.2-150200.3.3.1
fixed
suse enterprise sap 15 SP6
9.0.2-150200.3.3.1
fixed
suse enterprise sap 15 SP7
9.0.2-150200.3.3.1
fixed
suse enterprise server 15 SP2
9.0.2-1.36
fixed
suse enterprise server 15 SP3
9.0.2-1.36
fixed
suse enterprise server 15 SP4
9.0.2-1.36
fixed
suse enterprise server 15 SP5
9.0.2-150200.3.3.1
fixed
suse enterprise server 15 SP6
9.0.2-150200.3.3.1
fixed
suse enterprise server 15 SP7
9.0.2-150200.3.3.1
fixed
libqpdf28
suse enterprise desktop 15 SP3
10.3.1-1.1
fixed
suse enterprise desktop 15 SP4
10.3.1-1.1
fixed
suse enterprise desktop 15 SP5
10.3.1-1.1
fixed
suse enterprise desktop 15 SP6
10.3.1-150600.11.2
fixed
suse enterprise desktop 15 SP7
10.3.1-150600.11.2
fixed
suse enterprise sap 15 SP3
10.3.1-1.1
fixed
suse enterprise sap 15 SP4
10.3.1-1.1
fixed
suse enterprise sap 15 SP5
10.3.1-1.1
fixed
suse enterprise sap 15 SP6
10.3.1-150600.11.2
fixed
suse enterprise sap 15 SP7
10.3.1-150600.11.2
fixed
suse enterprise server 15 SP3
10.3.1-1.1
fixed
suse enterprise server 15 SP4
10.3.1-1.1
fixed
suse enterprise server 15 SP5
10.3.1-1.1
fixed
suse enterprise server 15 SP6
10.3.1-150600.11.2
fixed
suse enterprise server 15 SP7
10.3.1-150600.11.2
fixed
qpdf
suse enterprise desktop 15
8.0.2-1.5
fixed
suse enterprise desktop 15 SP1
8.0.2-1.5
fixed
suse enterprise desktop 15 SP2
9.0.2-1.36
fixed
suse enterprise desktop 15 SP3
10.3.1-1.1
fixed
suse enterprise desktop 15 SP4
10.3.1-1.1
fixed
suse enterprise desktop 15 SP5
10.3.1-1.1
fixed
suse enterprise desktop 15 SP6
10.3.1-150600.11.2
fixed
suse enterprise desktop 15 SP7
10.3.1-150600.11.2
fixed
suse enterprise sap 12 SP1
7.1.1-3.3.4
fixed
suse enterprise sap 12 SP2
7.1.1-3.3.4
fixed
suse enterprise sap 12 SP3
7.1.1-3.3.4
fixed
suse enterprise sap 12 SP5
7.1.1-3.3.4
fixed
suse enterprise sap 15
8.0.2-1.5
fixed
suse enterprise sap 15 SP1
8.0.2-1.5
fixed
suse enterprise sap 15 SP2
9.0.2-1.36
fixed
suse enterprise sap 15 SP3
10.3.1-1.1
fixed
suse enterprise sap 15 SP4
10.3.1-1.1
fixed
suse enterprise sap 15 SP5
10.3.1-1.1
fixed
suse enterprise sap 15 SP6
10.3.1-150600.11.2
fixed
suse enterprise sap 15 SP7
10.3.1-150600.11.2
fixed
suse enterprise server 12
7.1.1-3.3.4
fixed
suse enterprise server 12 SP1
7.1.1-3.3.4
fixed
suse enterprise server 12 SP2
7.1.1-3.3.4
fixed
suse enterprise server 12 SP3
7.1.1-3.3.4
fixed
suse enterprise server 12 SP4
7.1.1-3.3.4
fixed
suse enterprise server 12 SP5
7.1.1-3.3.4
fixed
suse enterprise server 15
8.0.2-1.5
fixed
suse enterprise server 15 SP1
8.0.2-1.5
fixed
suse enterprise server 15 SP2
9.0.2-1.36
fixed
suse enterprise server 15 SP3
10.3.1-1.1
fixed
suse enterprise server 15 SP4
10.3.1-1.1
fixed
suse enterprise server 15 SP5
10.3.1-1.1
fixed
suse enterprise server 15 SP6
10.3.1-150600.11.2
fixed
suse enterprise server 15 SP7
10.3.1-150600.11.2
fixed
qpdf-devel
suse enterprise desktop 15
8.0.2-1.5
fixed
suse enterprise desktop 15 SP1
8.0.2-1.5
fixed
suse enterprise desktop 15 SP2
9.0.2-1.36
fixed
suse enterprise desktop 15 SP3
10.3.1-1.1
fixed
suse enterprise desktop 15 SP4
10.3.1-1.1
fixed
suse enterprise desktop 15 SP5
10.3.1-1.1
fixed
suse enterprise desktop 15 SP6
10.3.1-150600.11.2
fixed
suse enterprise desktop 15 SP7
10.3.1-150600.11.2
fixed
suse enterprise sap 15
8.0.2-1.5
fixed
suse enterprise sap 15 SP1
8.0.2-1.5
fixed
suse enterprise sap 15 SP2
9.0.2-1.36
fixed
suse enterprise sap 15 SP3
10.3.1-1.1
fixed
suse enterprise sap 15 SP4
10.3.1-1.1
fixed
suse enterprise sap 15 SP5
10.3.1-1.1
fixed
suse enterprise sap 15 SP6
10.3.1-150600.11.2
fixed
suse enterprise sap 15 SP7
10.3.1-150600.11.2
fixed
suse enterprise server 15
8.0.2-1.5
fixed
suse enterprise server 15 SP1
8.0.2-1.5
fixed
suse enterprise server 15 SP2
9.0.2-1.36
fixed
suse enterprise server 15 SP3
10.3.1-1.1
fixed
suse enterprise server 15 SP4
10.3.1-1.1
fixed
suse enterprise server 15 SP5
10.3.1-1.1
fixed
suse enterprise server 15 SP6
10.3.1-150600.11.2
fixed
suse enterprise server 15 SP7
10.3.1-150600.11.2
fixed
Common Weakness Enumeration
References
http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_21.html
https://github.com/qpdf/qpdf/issues/118
https://usn.ubuntu.com/3638-1/
http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_21.html
https://github.com/qpdf/qpdf/issues/118
https://usn.ubuntu.com/3638-1/