Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Fedora 26: 2017-e58a762c3f Moderate: QPDF Infinite Loop Exploits

fedora
Calendar Grey August 6, 2017
Dist Fedora Esm H88
Crucial patches released for qpdf in Fedora 26 tackling several endless loop vulnerabilities. Safeguard your device immediately.
Security fix for CVE-2017-11627, CVE-2017-11626, CVE-2017-11625, CVE-2017-11624, CVE-2017-9208, CVE-2017-9209, CVE-2017-9210.

Summary

QPDF is a command-line program that does structural, content-preserving

transformations on PDF files. It could have been called something

like pdf-to-pdf. It includes support for merging and splitting PDFs

and to manipulate the list of pages in a PDF file. It is not a PDF viewer

or a program capable of converting PDF into other formats.

Security fix for CVE-2017-11627, CVE-2017-11626, CVE-2017-11625, CVE-2017-11624,

CVE-2017-9208, CVE-2017-9209, CVE-2017-9210.

[ 1 ] Bug #1475510 - CVE-2017-11625 qpdf: Infinite loop in QPDF::resolveObjectsInStream function in QPDF.cc

https://bugzilla.redhat.com/show_bug.cgi?id=1475510

[ 2 ] Bug #1475514 - CVE-2017-11626 qpdf: Infinite loop in QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc

https://bugzilla.redhat.com/show_bug.cgi?id=1475514

[ 3 ] Bug #1475517 - CVE-2017-11627 qpdf: Infinite loop in PointerHolder function in PointerHolder.hh

https://bugzilla.redhat.com/show_bug.cgi?id=1475517

[ 4 ] Bug #1475507 - CVE-2017-11624 qpdf: Infinite loop in QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc

https://bugzilla.redhat.com/show_bug.cgi?id=1475507

[ 5 ] Bug #1454819 - CVE-2017-9210 qpdf: Infinite loop related to unparse functions

https://bugzilla.redhat.com/show_bug.cgi?id=1454819

[ 6 ] Bug #1454816 - CVE-2017-9209 qpdf: Infinite loop related to QPDFObjectHandle::parseInternal

https://bugzilla.redhat.com/show_bug.cgi?id=1454816

[ 7 ] Bug #1454815 - CVE-2017-9208 qpdf: Infinite loop related to releaseResolved functions

https://bugzilla.redhat.com/show_bug.cgi?id=1454815

su -c 'dnf upgrade qpdf' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Topics%20covered

Topics Covered

security advisory Fedora security fix moderate severity infinite loop qpdf

Change Log

References

Update Instructions

Product: Fedora 26
Version: 6.0.0
Release: 6.fc26
URL: https://qpdf.sourceforge.io/
Summary: Command-line tools and library for transforming PDF files

Topics%20covered

Topics Covered

security advisory Fedora security fix moderate severity infinite loop qpdf

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here