UbuntuUpdates.org

Package "qpdf"

Name: qpdf

Description:

tools for transforming and inspecting PDF files

Latest version: 8.0.2-3~14.04.1
Release: trusty (14.04)
Level: updates
Repository: main
Homepage: http://qpdf.sourceforge.net

Links


Download "qpdf"


Other versions of "qpdf" in Trusty

Repository Area Version
base main 5.1.1-1
security main 8.0.2-3~14.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 8.0.2-3~14.04.1 2018-05-07 19:06:53 UTC

  qpdf (8.0.2-3~14.04.1) trusty-security; urgency=medium

  * SECURITY UPDATE: Updated to 8.0.2 to fix security issues.
    - CVE-2015-9252, CVE-2017-9208, CVE-2017-9209, CVE-2017-9210,
      CVE-2017-11624, CVE-2017-11625, CVE-2017-11626, CVE-2017-11627,
      CVE-2017-12595, CVE-2017-18183, CVE-2017-18184, CVE-2017-18185,
      CVE-2017-18186, CVE-2018-9918
  * Revert to debhelper 9:
    - debian/compat, debian/control: revert to 9.
    - debian/rules: remove dh_missing.
  * debian/patches/fix_pkgconfig.patch: libjpeg in trusty doesn't have
    pkgconfig support, remove it from libqpdf.pc.in.

 -- Marc Deslauriers <email address hidden> Tue, 01 May 2018 13:52:40 -0400

CVE-2015-9252 An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, relat
CVE-2017-9208 libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, r
CVE-2017-9209 libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, r
CVE-2017-9210 libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, r
CVE-2017-11624 A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related
CVE-2017-11625 A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related
CVE-2017-11626 A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related
CVE-2017-11627 A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related
CVE-2017-12595 The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack co
CVE-2017-18183 An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc.
CVE-2017-18184 An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc.
CVE-2017-18185 An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is
CVE-2017-18186 An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc.
CVE-2018-9918 libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a de



About   -   Send Feedback to @ubuntu_updates