Qpdf Qpdfproject Qpdf

By the Year

In 2024 there has been 1 vulnerability in Qpdfproject Qpdf with an average score of 5.5 out of ten. Last year Qpdf had 1 security vulnerability published. If vulnerabilities keep coming in at the current rate, it appears that the number of security vulnerabilities in Qpdf in 2024 could surpass last year's number. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.20.

Year Vulnerabilities Average Score
2024 1 5.50
2023 1 5.30
2022 1 6.50
2021 1 5.50
2020 0 0.00
2019 0 0.00
2018 2 5.55

It may take a day or so for new Qpdf vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Qpdfproject Qpdf Security Vulnerabilities

Heap Buffer Overflow vulnerability in qpdf 11.9.0

CVE-2024-24246 5.5 - Medium - February 29, 2024

Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.

Memory Corruption

An issue was discovered in QPDF version 10.0.4

CVE-2021-25786 5.3 - Medium - August 11, 2023

An issue was discovered in QPDF version 10.0.4 that allows remote attackers to execute arbitrary code via a crafted .pdf file to the Pl_ASCII85Decoder::write parameter in libqpdf.

Dangling pointer

QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream

CVE-2022-34503 6.5 - Medium - July 22, 2022

QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

Memory Corruption

QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called

CVE-2021-36978 5.5 - Medium - July 20, 2021

QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails.

Memory Corruption

In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which

CVE-2018-18020 3.3 - Low - October 06, 2018

In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a crafted PDF file.

Stack Exhaustion

libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases

CVE-2018-9918 7.8 - High - April 10, 2018

libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted.

Stack Exhaustion
