SB2017082701 - Denial of service in QPDF

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Infinite loop (CVE-ID: CVE-2017-18183)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc due to infinite loop. A remote attacker can cause the service to crash.

2) Stack-based out-of-bounds read (CVE-ID: CVE-2017-18184)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the function iterate_rc4 in QPDF_encryption.cc due to stack-based out-of-bounds read. A remote attacker can cause the service to crash.

3) Memory corruption (CVE-ID: CVE-2017-18185)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the PNG filter due to integer overflow. A remote attacker can heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc and cause the service to crash.

4) Infinite loop (CVE-ID: CVE-2017-18186)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in QPDF.cc due to looping xref tables. A remote attacker can cause the service to crash.

5) Resource exhaustion (CVE-ID: CVE-2017-12595)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc due to the tokenizer is recursive for arrays and dictionaries. A remote attacker can trick the victim into opening a specially crafted PDF document with a deep data structure, trigger stack consumption and cause the service to crash.

Remediation

Install update from vendor's website.

References

• https://github.com/qpdf/qpdf/issues/143
• https://github.com/qpdf/qpdf/issues/147
• https://github.com/qpdf/qpdf/issues/150
• https://github.com/qpdf/qpdf/issues/149
• https://github.com/qpdf/qpdf/issues/146