Description

An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf.

Related CPE's

a

qpdf_project

qpdf

10.0.4

Vulnerable

References

https://github.com/qpdf/qpdf/issues/492

ExploitIssue TrackingPatch

https://lists.debian.org/debian-lts-announce/2023/08/msg00037.html

Mailing ListThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-416

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

5.3 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-08-11T14:15:11.987

11 months ago

Last modified

2023-09-27T16:16:12.097

10 months ago