Advisories ยป MGASA-2018-0232

Updated qpdf packages fix security vulnerability

Publication date: 12 May 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2018-9918

Description

A flaw was found in QPDF through 8.0.2. libqpdf.a mishandles certain
'expected dictionary key but found non-name object' cases, allowing
remote attackers to cause a denial of service (stack exhaustion),
related to the QPDFObjectHandle and QPDF_Dictionary classes
(CVE-2018-9918).
                

References

SRPMS

6/core

5/core