UbuntuUpdates.org

Package "qpdf"

Name: qpdf

Description:

tools for transforming and inspecting PDF files

Latest version: 9.1.1-1ubuntu0.1
Release: focal (20.04)
Level: security
Repository: universe
Homepage: http://qpdf.sourceforge.net

Links


Download "qpdf"


Other versions of "qpdf" in Focal

Repository Area Version
base main 9.1.1-1build1
base universe 9.1.1-1build1
security main 9.1.1-1ubuntu0.1
updates main 9.1.1-1ubuntu0.1
updates universe 9.1.1-1ubuntu0.1

Changelog

Version: 9.1.1-1ubuntu0.1 2021-07-29 17:06:21 UTC

  qpdf (9.1.1-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overflow in Pl_ASCII85Decoder::write
    - debian/patches/CVE-2021-36978.patch: fix some pipelines to be safe if
      downstream write fails in libqpdf/Pl_AES_PDF.cc,
      libqpdf/Pl_ASCII85Decoder.cc, libqpdf/Pl_ASCIIHexDecoder.cc,
      libqpdf/Pl_Count.cc.
    - CVE-2021-36978

 -- Marc Deslauriers <email address hidden> Wed, 28 Jul 2021 09:06:58 -0400

CVE-2021-36978 QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES



About   -   Send Feedback to @ubuntu_updates