SB2017060401 - Denial of service in QPDF

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Resource exhaustion (CVE-ID: CVE-2017-11624)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc due to infinite loop after two consecutive calls to QPDFObjectHandle::parseInterna. A remote attacker can trick the victim into opening a specially crafted file, trigger stack consumption and cause the service to crash.

2) Resource exhaustion (CVE-ID: CVE-2017-11625)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the QPDF::resolveObjectsInStream function in QPDF.cc due to infinite loop. A remote attacker can trick the victim into opening a specially crafted file, trigger stack consumption and cause the service to crash.

3) Resource exhaustion (CVE-ID: CVE-2017-11626)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc due to infinite loop after four consecutive calls to QPDFObjectHandle::parseInterna. A remote attacker can trick the victim into opening a specially crafted file, trigger stack consumption and cause the service to crash.

4) Resource exhaustion (CVE-ID: CVE-2017-11627)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the PointerHolder function in PointerHolder.hh due to infinite loop. A remote attacker can trick the victim into opening a specially crafted file, trigger stack consumption and cause the service to crash.

Remediation

Install update from vendor's website.

References

• https://github.com/qpdf/qpdf/issues/117
• https://github.com/qpdf/qpdf/issues/120
• https://github.com/qpdf/qpdf/issues/119
• https://github.com/qpdf/qpdf/issues/118