CVE-2017-12595

CVE-2017-12595

The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc.

Source: CVE-2017-12595

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다