Source: qpdf
Version: 5.1.2-2
Severity: important
Tags: security upstream

Hi,

the following vulnerabilities were published for qpdf.

CVE-2017-9208[0]:
| libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of
| service (infinite recursion and stack consumption) via a crafted PDF
| document, related to releaseResolved functions, aka qpdf-infiniteloop1.

CVE-2017-9209[1]:
| libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of
| service (infinite recursion and stack consumption) via a crafted PDF
| document, related to QPDFObjectHandle::parseInternal, aka
| qpdf-infiniteloop2.

CVE-2017-9210[2]:
| libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of
| service (infinite recursion and stack consumption) via a crafted PDF
| document, related to unparse functions, aka qpdf-infiniteloop3.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9208
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9208
    https://github.com/qpdf/qpdf/issues/99
[1] https://security-tracker.debian.org/tracker/CVE-2017-9209
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9209
    https://github.com/qpdf/qpdf/issues/100
[2] https://security-tracker.debian.org/tracker/CVE-2017-9210
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9210
    https://github.com/qpdf/qpdf/issues/101

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore