Register | Log in

qpdf

tools for transforming and inspecting PDF files

Choose email to subscribe with

general

source: qpdf (source, text)
version: 6.0.0-2
maintainer: Jay Berkenbilt [DMD]
arch: any
std-ver: 3.9.6

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.3.1-4
oldstable: 5.1.2-2
stable: 6.0.0-2
testing: 6.0.0-2
unstable: 6.0.0-2

versioned links

2.3.1-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.1.2-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.0.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libqpdf-dev
libqpdf17
qpdf

action needed

7 security issues in sid

high

There are 7 open security issues in sid.

7 important issues:

CVE-2017-9210: libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.
CVE-2017-11624: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
CVE-2017-11625: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."
CVE-2017-9208: libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.
CVE-2017-9209: libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2.
CVE-2017-11626: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
CVE-2017-11627: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop."

Please fix them.

Created: 2017-05-23 Last update: 2017-08-11 01:20

7 security issues in buster

high

There are 7 open security issues in buster.

7 important issues:

CVE-2017-9210: libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.
CVE-2017-11624: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
CVE-2017-11625: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."
CVE-2017-9208: libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.
CVE-2017-9209: libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2.
CVE-2017-11626: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
CVE-2017-11627: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop."

Please fix them.

Created: 2017-06-18 Last update: 2017-08-11 01:20

lintian reports 1 warning

normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2016-09-13 Last update: 2016-09-13 06:49

7 ignored security issues in wheezy

low

There are 7 open security issues in wheezy.

7 issues skipped by the security teams:

CVE-2017-9210: libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.
CVE-2017-11624: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
CVE-2017-11625: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."
CVE-2017-9208: libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.
CVE-2017-9209: libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2.
CVE-2017-11626: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
CVE-2017-11627: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop."

Please fix them.

Created: 2017-05-23 Last update: 2017-08-11 01:20

7 ignored security issues in jessie

low

There are 7 open security issues in jessie.

7 issues skipped by the security teams:

CVE-2017-9210: libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.
CVE-2017-11624: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
CVE-2017-11625: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."
CVE-2017-9208: libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.
CVE-2017-9209: libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2.
CVE-2017-11626: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
CVE-2017-11627: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop."

Please fix them.

Created: 2017-05-23 Last update: 2017-08-11 01:20

7 ignored security issues in stretch

low

There are 7 open security issues in stretch.

7 issues skipped by the security teams:

CVE-2017-9210: libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.
CVE-2017-11624: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
CVE-2017-11625: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."
CVE-2017-9208: libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.
CVE-2017-9209: libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2.
CVE-2017-11626: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
CVE-2017-11627: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop."

Please fix them.

Created: 2017-05-23 Last update: 2017-08-11 01:20

Build log checks report 1 warning

low

Build log checks report 1 warning

Created: 2014-07-02 Last update: 2014-09-03 00:05

news

[2015-11-22] qpdf 6.0.0-2 MIGRATED to testing (Britney)
[2015-11-16] Accepted qpdf 6.0.0-2 (source amd64) into unstable (Jay Berkenbilt)
[2015-11-16] qpdf 5.2.0-2 MIGRATED to testing (Britney)
[2015-11-12] Accepted qpdf 6.0.0-1 (source amd64) into experimental, experimental (Jay Berkenbilt)
[2015-11-10] Accepted qpdf 5.2.0-2 (source amd64) into unstable (Jay Berkenbilt)
[2015-11-07] Accepted qpdf 5.2.0-1 (source amd64) into unstable (Jay Berkenbilt)
[2015-09-09] qpdf 5.1.3-3 MIGRATED to testing (Britney)
[2015-09-06] Accepted qpdf 5.1.3-3 (source amd64) into unstable (Jay Berkenbilt)
[2015-08-04] Accepted qpdf 5.1.3-2 (source amd64) into unstable, unstable (Jay Berkenbilt)
[2015-05-30] qpdf 5.1.3-1 MIGRATED to testing (Britney)
[2015-05-24] Accepted qpdf 5.1.3-1 (source amd64) into unstable (Jay Berkenbilt)
[2014-12-29] Accepted qpdf 5.1.2-3 (source amd64) into experimental (Jay Berkenbilt)
[2014-11-20] qpdf 5.1.2-2 MIGRATED to testing (Britney)
[2014-11-15] Accepted qpdf 5.1.2-2 (source amd64) into unstable (Jay Berkenbilt)
[2014-06-13] qpdf 5.1.2-1 MIGRATED to testing (Debian testing watch)
[2014-06-07] Accepted qpdf 5.1.2-1 (source amd64) (Jay Berkenbilt)
[2014-01-20] qpdf 5.1.1-1 MIGRATED to testing (Debian testing watch)
[2014-01-14] Accepted qpdf 5.1.1-1 (source amd64) (Jay Berkenbilt)
[2013-12-23] qpdf 5.1.0-1 MIGRATED to testing (Debian testing watch)
[2013-12-17] Accepted qpdf 5.1.0-1 (source amd64) (Jay Berkenbilt)
[2013-10-30] qpdf 5.0.1-1 MIGRATED to testing (Debian testing watch)
[2013-10-18] Accepted qpdf 5.0.1-1 (source amd64) (Jay Berkenbilt)
[2013-08-06] qpdf 5.0.0-2 MIGRATED to testing (Debian testing watch)
[2013-07-26] Accepted qpdf 5.0.0-2 (source amd64) (Jay Berkenbilt)
[2013-07-21] qpdf 4.2.0-2 MIGRATED to testing (Debian testing watch)
[2013-07-11] Accepted qpdf 5.0.0-1 (source amd64) (Jay Berkenbilt)
[2013-07-10] Accepted qpdf 4.2.0-2 (source amd64) (Jay Berkenbilt)
[2013-07-08] Accepted qpdf 4.2.0-1 (source amd64) (Jay Berkenbilt)
[2013-05-22] qpdf 4.1.0-2 MIGRATED to testing (Debian testing watch)
[2013-05-07] Accepted qpdf 4.1.0-2 (source amd64) (Jay Berkenbilt)

1
2

bugs [bug history graph]

all: 5
RC: 0
I&N: 3
M&W: 2
F&P: 0

links

homepage
lintian (0, 1)
buildd: logs, checks, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 6.0.0-2ubuntu1
1 bug
patches for 6.0.0-2ubuntu1

Debian Package Tracker — Copyright 2013-2016 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Git Repository — How to contribute