Advisories » MGASA-2024-0076

Updated qpdf packages fix security vulnerability

Publication date: 20 Mar 2024
Modification date: 20 Mar 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-24246

Description

Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to
crash the application via the std::__shared_count() function at
/bits/shared_ptr_base.h. (CVE-2024-24246)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=32958
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4WLK6ICPJUMOJNHZQWXAA5MPXG5JHZZL/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24246

SRPMS

9/core

• qpdf-11.9.0-1.mga9