Date: Tue, 13 Feb 2018 12:01:36 +0100
From: Hanno Böck <>
Subject: qpdf: multiple vulnerabilities before 7.0.0


This is a bit older, but I'll share it anyway. A while ago I tested
qpdf with libfuzzer; all those issues have been fixed in 7.0.0 (latest
is 7.1.1).

Stack overflow due to endless recursion in

Another stack overflow / endless recursion in

Stack out of bounds read in iterate_rc4()

heap out of bounds read (large) in Pl_Buffer::write

Hang due to a pdf xref loop:

A quick check with the latest 7.1.1 with libfuzzer and asan revealed no
further bugs.

Hanno Böck

GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
