Advisories » MGASA-2018-0232

Updated qpdf packages fix security vulnerability

Publication date: 12 May 2018
Modification date: 12 May 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2018-9918

Description

A flaw was found in QPDF through 8.0.2. libqpdf.a mishandles certain
'expected dictionary key but found non-name object' cases, allowing
remote attackers to cause a denial of service (stack exhaustion),
related to the QPDFObjectHandle and QPDF_Dictionary classes
(CVE-2018-9918).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22961
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/I4ZEBKAKN5LJYYF7ZALERVHHMBSTN2ET/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9918

SRPMS

5/core

• qpdf-7.1.1-1.1.mga5

6/core

• qpdf-7.1.1-1.1.mga6