UbuntuUpdates.org

Package "qpdf"

Name: qpdf

Description:

tools for transforming and inspecting PDF files

Latest version: 8.0.2-3ubuntu0.1
Release: bionic (18.04)
Level: updates
Repository: main
Homepage: http://qpdf.sourceforge.net

Links


Download "qpdf"


Other versions of "qpdf" in Bionic

Repository Area Version
base main 8.0.2-3
security main 8.0.2-3ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 8.0.2-3ubuntu0.1 2021-07-29 18:06:21 UTC

  qpdf (8.0.2-3ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted PDF file
    - debian/patches/CVE-2018-18020.patch: give up reading objects with too
      many consecutive errors in libqpdf/QPDFObjectHandle.cc,
      qpdf/qtest/qpdf.test, qpdf/qtest/qpdf/issue-100.out.
    - CVE-2018-18020
  * SECURITY UPDATE: heap-based buffer overflow in Pl_ASCII85Decoder::write
    - debian/patches/CVE-2021-36978.patch: fix some pipelines to be safe if
      downstream write fails in libqpdf/Pl_AES_PDF.cc,
      libqpdf/Pl_ASCII85Decoder.cc, libqpdf/Pl_ASCIIHexDecoder.cc,
      libqpdf/Pl_Count.cc.
    - CVE-2021-36978

 -- Marc Deslauriers <email address hidden> Wed, 28 Jul 2021 09:13:45 -0400

CVE-2018-18020 In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows re
CVE-2021-36978 QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES



About   -   Send Feedback to @ubuntu_updates