Debian Package Tracker

qpdf

tools for transforming and inspecting PDF files

general
  • source: qpdf (main)
  • version: 9.1.0-1
  • maintainer: Jay Berkenbilt (DMD)
  • arch: any
  • std-ver: 4.4.1
  • VCS: unknown
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 5.1.2-2
  • oldstable: 6.0.0-2
  • old-bpo: 8.0.2-2~bpo9+1
  • stable: 8.4.0-2
  • testing: 9.1.0-1
  • unstable: 9.1.0-1
versioned links
  • 5.1.2-2: [.dsc] [changelog] [copyright] [rules] [control]
  • 6.0.0-2: [.dsc] [changelog] [copyright] [rules] [control]
  • 8.0.2-2~bpo9+1: [.dsc] [changelog] [copyright] [rules] [control]
  • 8.4.0-2: [.dsc] [changelog] [copyright] [rules] [control]
  • 9.1.0-1: [.dsc] [changelog] [copyright] [rules] [control]
binaries
  • libqpdf-dev
  • libqpdf26
  • qpdf
action needed
1 security issue in bullseye high
There is 1 open security issue in bullseye.
1 important issue:
  • CVE-2018-18020: In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a crafted PDF file.
Please fix it.
Created: 2019-07-07 Last update: 2019-11-22 06:33
1 security issue in sid high
There is 1 open security issue in sid.
1 important issue:
  • CVE-2018-18020: In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a crafted PDF file.
Please fix it.
Created: 2018-10-06 Last update: 2019-11-22 06:33
1 ignored security issue in buster low
There is 1 open security issue in buster.
1 issue skipped by the security teams:
  • CVE-2018-18020: In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a crafted PDF file.
Please fix it.
Created: 2018-10-06 Last update: 2019-11-22 06:33
15 ignored security issues in jessie low
There are 15 open security issues in jessie.
15 issues skipped by the security teams:
  • CVE-2017-9209: libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2.
  • CVE-2017-11627: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop."
  • CVE-2018-9918: libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted.
  • CVE-2017-12595: The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc.
  • CVE-2017-9210: libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.
  • CVE-2017-9208: libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.
  • CVE-2017-18183: An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc.
  • CVE-2017-18186: An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc.
  • CVE-2017-18184: An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc.
  • CVE-2017-18185: An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter.
  • CVE-2017-11624: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
  • CVE-2017-11625: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."
  • CVE-2017-11626: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
  • CVE-2015-9252: An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc.
  • CVE-2018-18020: In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a crafted PDF file.
Please fix them.
Created: 2017-05-23 Last update: 2019-11-22 06:33
15 ignored security issues in stretch low
There are 15 open security issues in stretch.
15 issues skipped by the security teams:
  • CVE-2017-9209: libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2.
  • CVE-2017-11627: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop."
  • CVE-2018-9918: libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted.
  • CVE-2017-12595: The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc.
  • CVE-2017-9210: libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.
  • CVE-2017-9208: libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.
  • CVE-2017-18183: An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc.
  • CVE-2017-18186: An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc.
  • CVE-2017-18184: An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc.
  • CVE-2017-18185: An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter.
  • CVE-2017-11624: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
  • CVE-2017-11625: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."
  • CVE-2017-11626: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
  • CVE-2015-9252: An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc.
  • CVE-2018-18020: In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a crafted PDF file.
Please fix them.
Created: 2017-05-23 Last update: 2019-11-22 06:33
news
[rss feed]
  • [2019-11-22] qpdf 9.1.0-1 MIGRATED to testing (Debian testing watch)
  • [2019-11-17] Accepted qpdf 9.1.0-1 (source) into unstable (Jay Berkenbilt)
  • [2019-11-11] Accepted qpdf 9.1~rc1-1 (source) into experimental (Jay Berkenbilt)
  • [2019-10-14] Accepted qpdf 9.0.2-1 (source amd64) into unstable (Jay Berkenbilt)
  • [2019-09-27] qpdf 9.0.1-1 MIGRATED to testing (Debian testing watch)
  • [2019-09-20] Accepted qpdf 9.0.1-1 (source amd64) into unstable (Jay Berkenbilt)
  • [2019-09-17] Accepted qpdf 9.0.0-2 (source amd64) into unstable (Jay Berkenbilt)
  • [2019-09-04] Accepted qpdf 9.0.0-1 (source amd64) into unstable, unstable (Jay Berkenbilt)
  • [2019-08-20] qpdf 8.4.2-1 MIGRATED to testing (Debian testing watch)
  • [2019-05-18] Accepted qpdf 8.4.2-1 (source amd64) into unstable (Jay Berkenbilt)
  • [2019-04-28] Accepted qpdf 8.4.1-1 (source amd64) into unstable (Jay Berkenbilt)
  • [2019-02-19] qpdf 8.4.0-2 MIGRATED to testing (Debian testing watch)
  • [2019-02-08] Accepted qpdf 8.4.0-2 (source amd64) into unstable (Jay Berkenbilt)
  • [2019-02-08] qpdf 8.4.0-1 MIGRATED to testing (Debian testing watch)
  • [2019-02-02] Accepted qpdf 8.4.0-1 (source amd64) into unstable (Jay Berkenbilt)
  • [2019-01-23] qpdf 8.3.0-2 MIGRATED to testing (Debian testing watch)
  • [2019-01-17] Accepted qpdf 8.3.0-2 (source amd64) into unstable (Jay Berkenbilt)
  • [2019-01-13] qpdf 8.3.0-1 MIGRATED to testing (Debian testing watch)
  • [2019-01-08] Accepted qpdf 8.3.0-1 (source amd64) into unstable (Jay Berkenbilt)
  • [2018-08-24] qpdf 8.2.1-1 MIGRATED to testing (Debian testing watch)
  • [2018-08-18] Accepted qpdf 8.2.1-1 (source amd64) into unstable (Jay Berkenbilt)
  • [2018-08-18] Accepted qpdf 8.2.0-1 (source amd64) into unstable (Jay Berkenbilt)
  • [2018-06-28] qpdf 8.1.0-1 MIGRATED to testing (Debian testing watch)
  • [2018-06-23] Accepted qpdf 8.1.0-1 (source amd64) into unstable (Jay Berkenbilt)
  • [2018-04-21] qpdf 8.0.2-3 MIGRATED to testing (Debian testing watch)
  • [2018-04-15] Accepted qpdf 8.0.2-3 (source amd64) into unstable (Jay Berkenbilt)
  • [2018-04-11] Accepted qpdf 8.0.2-2~bpo9+1 (amd64 source) into stretch-backports, stretch-backports (Sean Whitton)
  • [2018-03-30] qpdf 8.0.2-2 MIGRATED to testing (Debian testing watch)
  • [2018-03-25] Accepted qpdf 8.0.2-2 (source amd64) into unstable (Jay Berkenbilt)
bugs [bug history graph]
  • all: 0
links
  • homepage
  • buildd: logs, clang, reproducibility, cross
  • popcon
  • browse source code
  • security tracker
  • screenshots
ubuntu [Information about Ubuntu for Debian Developers]
  • version: 9.1.0-1
  • 2 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers