CVE-2017-9209 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	NONE	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 51%

Affected Products (NVD)

Vendor	Product	Version
qpdf_project	qpdf	6.0.0
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	17.10

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

qpdf

bookworm	11.3.0-1+deb12u1 fixed
bullseye	10.1.0-1 fixed
jessie	no-dsa
sid	11.9.1-1 fixed
stretch	no-dsa
trixie	11.9.1-1 fixed
wheezy	no-dsa

Ubuntu Releases

Ubuntu Product

Codename

qpdf

artful	not-affected
bionic	not-affected
trusty	Fixed 8.0.2-3~14.04.1 released
xenial	Fixed 8.0.2-3~16.04.1 released
zesty	ignored

openSUSE / SLES Releases

openSUSE Product

Release

cups-filters

suse enterprise sap 12 SP1	1.0.58-15.2.1 fixed
suse enterprise sap 12 SP2	1.0.58-15.2.1 fixed
suse enterprise sap 12 SP3	1.0.58-19.2.3 fixed
suse enterprise server 12	1.0.58-15.2.1 fixed
suse enterprise server 12 SP1	1.0.58-15.2.1 fixed
suse enterprise server 12 SP2	1.0.58-15.2.1 fixed
suse enterprise server 12 SP3	1.0.58-19.2.3 fixed

cups-filters-cups-browsed

suse enterprise sap 12 SP1	1.0.58-15.2.1 fixed
suse enterprise sap 12 SP2	1.0.58-15.2.1 fixed
suse enterprise sap 12 SP3	1.0.58-19.2.3 fixed
suse enterprise server 12	1.0.58-15.2.1 fixed
suse enterprise server 12 SP1	1.0.58-15.2.1 fixed
suse enterprise server 12 SP2	1.0.58-15.2.1 fixed
suse enterprise server 12 SP3	1.0.58-19.2.3 fixed

cups-filters-foomatic-rip

suse enterprise sap 12 SP1	1.0.58-15.2.1 fixed
suse enterprise sap 12 SP2	1.0.58-15.2.1 fixed
suse enterprise sap 12 SP3	1.0.58-19.2.3 fixed
suse enterprise server 12	1.0.58-15.2.1 fixed
suse enterprise server 12 SP1	1.0.58-15.2.1 fixed
suse enterprise server 12 SP2	1.0.58-15.2.1 fixed
suse enterprise server 12 SP3	1.0.58-19.2.3 fixed

cups-filters-ghostscript

suse enterprise sap 12 SP1	1.0.58-15.2.1 fixed
suse enterprise sap 12 SP2	1.0.58-15.2.1 fixed
suse enterprise sap 12 SP3	1.0.58-19.2.3 fixed
suse enterprise server 12	1.0.58-15.2.1 fixed
suse enterprise server 12 SP1	1.0.58-15.2.1 fixed
suse enterprise server 12 SP2	1.0.58-15.2.1 fixed
suse enterprise server 12 SP3	1.0.58-19.2.3 fixed

libqpdf18

suse enterprise sap 12 SP1	7.1.1-3.3.4 fixed
suse enterprise sap 12 SP2	7.1.1-3.3.4 fixed
suse enterprise sap 12 SP3	7.1.1-3.3.4 fixed
suse enterprise sap 12 SP5	7.1.1-3.3.4 fixed
suse enterprise server 12	7.1.1-3.3.4 fixed
suse enterprise server 12 SP1	7.1.1-3.3.4 fixed
suse enterprise server 12 SP2	7.1.1-3.3.4 fixed
suse enterprise server 12 SP3	7.1.1-3.3.4 fixed
suse enterprise server 12 SP4	7.1.1-3.3.4 fixed
suse enterprise server 12 SP5	7.1.1-3.3.4 fixed

libqpdf21

suse enterprise desktop 15	8.0.2-1.5 fixed
suse enterprise desktop 15 SP1	8.0.2-1.5 fixed
suse enterprise sap 15	8.0.2-1.5 fixed
suse enterprise sap 15 SP1	8.0.2-1.5 fixed
suse enterprise server 15	8.0.2-1.5 fixed
suse enterprise server 15 SP1	8.0.2-1.5 fixed

libqpdf26

suse enterprise desktop 15 SP2	9.0.2-1.36 fixed
suse enterprise desktop 15 SP3	9.0.2-1.36 fixed
suse enterprise desktop 15 SP4	9.0.2-1.36 fixed
suse enterprise desktop 15 SP5	9.0.2-150200.3.3.1 fixed
suse enterprise desktop 15 SP6	9.0.2-150200.3.3.1 fixed
suse enterprise desktop 15 SP7	9.0.2-150200.3.3.1 fixed
suse enterprise sap 15 SP2	9.0.2-1.36 fixed
suse enterprise sap 15 SP3	9.0.2-1.36 fixed
suse enterprise sap 15 SP4	9.0.2-1.36 fixed
suse enterprise sap 15 SP5	9.0.2-150200.3.3.1 fixed
suse enterprise sap 15 SP6	9.0.2-150200.3.3.1 fixed
suse enterprise sap 15 SP7	9.0.2-150200.3.3.1 fixed
suse enterprise server 15 SP2	9.0.2-1.36 fixed
suse enterprise server 15 SP3	9.0.2-1.36 fixed
suse enterprise server 15 SP4	9.0.2-1.36 fixed
suse enterprise server 15 SP5	9.0.2-150200.3.3.1 fixed
suse enterprise server 15 SP6	9.0.2-150200.3.3.1 fixed
suse enterprise server 15 SP7	9.0.2-150200.3.3.1 fixed

libqpdf28

suse enterprise desktop 15 SP3	10.3.1-1.1 fixed
suse enterprise desktop 15 SP4	10.3.1-1.1 fixed
suse enterprise desktop 15 SP5	10.3.1-1.1 fixed
suse enterprise desktop 15 SP6	10.3.1-150600.11.2 fixed
suse enterprise desktop 15 SP7	10.3.1-150600.11.2 fixed
suse enterprise sap 15 SP3	10.3.1-1.1 fixed
suse enterprise sap 15 SP4	10.3.1-1.1 fixed
suse enterprise sap 15 SP5	10.3.1-1.1 fixed
suse enterprise sap 15 SP6	10.3.1-150600.11.2 fixed
suse enterprise sap 15 SP7	10.3.1-150600.11.2 fixed
suse enterprise server 15 SP3	10.3.1-1.1 fixed
suse enterprise server 15 SP4	10.3.1-1.1 fixed
suse enterprise server 15 SP5	10.3.1-1.1 fixed
suse enterprise server 15 SP6	10.3.1-150600.11.2 fixed
suse enterprise server 15 SP7	10.3.1-150600.11.2 fixed

qpdf

suse enterprise desktop 15	8.0.2-1.5 fixed
suse enterprise desktop 15 SP1	8.0.2-1.5 fixed
suse enterprise desktop 15 SP2	9.0.2-1.36 fixed
suse enterprise desktop 15 SP3	10.3.1-1.1 fixed
suse enterprise desktop 15 SP4	10.3.1-1.1 fixed
suse enterprise desktop 15 SP5	10.3.1-1.1 fixed
suse enterprise desktop 15 SP6	10.3.1-150600.11.2 fixed
suse enterprise desktop 15 SP7	10.3.1-150600.11.2 fixed
suse enterprise sap 12 SP1	7.1.1-3.3.4 fixed
suse enterprise sap 12 SP2	7.1.1-3.3.4 fixed
suse enterprise sap 12 SP3	7.1.1-3.3.4 fixed
suse enterprise sap 12 SP5	7.1.1-3.3.4 fixed
suse enterprise sap 15	8.0.2-1.5 fixed
suse enterprise sap 15 SP1	8.0.2-1.5 fixed
suse enterprise sap 15 SP2	9.0.2-1.36 fixed
suse enterprise sap 15 SP3	10.3.1-1.1 fixed
suse enterprise sap 15 SP4	10.3.1-1.1 fixed
suse enterprise sap 15 SP5	10.3.1-1.1 fixed
suse enterprise sap 15 SP6	10.3.1-150600.11.2 fixed
suse enterprise sap 15 SP7	10.3.1-150600.11.2 fixed
suse enterprise server 12	7.1.1-3.3.4 fixed
suse enterprise server 12 SP1	7.1.1-3.3.4 fixed
suse enterprise server 12 SP2	7.1.1-3.3.4 fixed
suse enterprise server 12 SP3	7.1.1-3.3.4 fixed
suse enterprise server 12 SP4	7.1.1-3.3.4 fixed
suse enterprise server 12 SP5	7.1.1-3.3.4 fixed
suse enterprise server 15	8.0.2-1.5 fixed
suse enterprise server 15 SP1	8.0.2-1.5 fixed
suse enterprise server 15 SP2	9.0.2-1.36 fixed
suse enterprise server 15 SP3	10.3.1-1.1 fixed
suse enterprise server 15 SP4	10.3.1-1.1 fixed
suse enterprise server 15 SP5	10.3.1-1.1 fixed
suse enterprise server 15 SP6	10.3.1-150600.11.2 fixed
suse enterprise server 15 SP7	10.3.1-150600.11.2 fixed

qpdf-devel

suse enterprise desktop 15	8.0.2-1.5 fixed
suse enterprise desktop 15 SP1	8.0.2-1.5 fixed
suse enterprise desktop 15 SP2	9.0.2-1.36 fixed
suse enterprise desktop 15 SP3	10.3.1-1.1 fixed
suse enterprise desktop 15 SP4	10.3.1-1.1 fixed
suse enterprise desktop 15 SP5	10.3.1-1.1 fixed
suse enterprise desktop 15 SP6	10.3.1-150600.11.2 fixed
suse enterprise desktop 15 SP7	10.3.1-150600.11.2 fixed
suse enterprise sap 15	8.0.2-1.5 fixed
suse enterprise sap 15 SP1	8.0.2-1.5 fixed
suse enterprise sap 15 SP2	9.0.2-1.36 fixed
suse enterprise sap 15 SP3	10.3.1-1.1 fixed
suse enterprise sap 15 SP4	10.3.1-1.1 fixed
suse enterprise sap 15 SP5	10.3.1-1.1 fixed
suse enterprise sap 15 SP6	10.3.1-150600.11.2 fixed
suse enterprise sap 15 SP7	10.3.1-150600.11.2 fixed
suse enterprise server 15	8.0.2-1.5 fixed
suse enterprise server 15 SP1	8.0.2-1.5 fixed
suse enterprise server 15 SP2	9.0.2-1.36 fixed
suse enterprise server 15 SP3	10.3.1-1.1 fixed
suse enterprise server 15 SP4	10.3.1-1.1 fixed
suse enterprise server 15 SP5	10.3.1-1.1 fixed
suse enterprise server 15 SP6	10.3.1-150600.11.2 fixed
suse enterprise server 15 SP7	10.3.1-150600.11.2 fixed

Common Weakness Enumeration

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References

https://blogs.gentoo.org/ago/2017/05/21/qpdf-three-infinite-loop-in-libqpdf/

https://usn.ubuntu.com/3638-1/

https://blogs.gentoo.org/ago/2017/05/21/qpdf-three-infinite-loop-in-libqpdf/

https://usn.ubuntu.com/3638-1/