Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-3548-1:6A4EA
HistoryAug 29, 2023 - 9:06 p.m.

[SECURITY] [DLA 3548-1] qpdf security update

2023-08-2921:06:14
lists.debian.org
8
debian security tracker
qpdf package
update
unix
buffer overflow
denial of service
lts
remote code execution
security update
debian 10

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

51.7%

JSON

Debian LTS Advisory DLA-3548-1 [email protected]
https://www.debian.org/lts/security/ Thorsten Alteholz
August 29, 2023 https://wiki.debian.org/LTS

Package : qpdf
Version : 8.4.0-2+deb10u1
CVE ID : CVE-2018-18020 CVE-2021-25786 CVE-2021-36978

Several issues have been found in qpdf, a package with tools for
transforming and inspecting PDF files.
Crafted files may enable remote attackers to execute arbitrary code or
create recursive calls for a long time, which causes a denial of service.
Further a heap-based buffer overflow might occur when a certain downstream
write fails.

For Debian 10 buster, these problems have been fixed in version
8.4.0-2+deb10u1.

We recommend that you upgrade your qpdf packages.

For the detailed security status of qpdf please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/qpdf

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian10amd64libqpdf21< 8.4.0-2+deb10u1libqpdf21_8.4.0-2+deb10u1_amd64.deb
Debian10arm64qpdf< 8.4.0-2+deb10u1qpdf_8.4.0-2+deb10u1_arm64.deb
Debian10i386libqpdf21< 8.4.0-2+deb10u1libqpdf21_8.4.0-2+deb10u1_i386.deb
Debian10arm64libqpdf21-dbgsym< 8.4.0-2+deb10u1libqpdf21-dbgsym_8.4.0-2+deb10u1_arm64.deb
Debian10arm64qpdf-dbgsym< 8.4.0-2+deb10u1qpdf-dbgsym_8.4.0-2+deb10u1_arm64.deb
Debian10amd64qpdf< 8.4.0-2+deb10u1qpdf_8.4.0-2+deb10u1_amd64.deb
Debian10armhflibqpdf-dev< 8.4.0-2+deb10u1libqpdf-dev_8.4.0-2+deb10u1_armhf.deb
Debian10armhfqpdf< 8.4.0-2+deb10u1qpdf_8.4.0-2+deb10u1_armhf.deb
Debian10i386libqpdf-dev< 8.4.0-2+deb10u1libqpdf-dev_8.4.0-2+deb10u1_i386.deb
Debian10armhflibqpdf21-dbgsym< 8.4.0-2+deb10u1libqpdf21-dbgsym_8.4.0-2+deb10u1_armhf.deb
Rows per page:
1-10 of 211

Related

osv 6
nessus 14
openvas 9
ubuntu 2
ubuntucve 3
amazon 2
prion 3
cvelist 3
redhatcve 3
debiancve 3
cve 3
nvd 3
veracode 1
gentoo 1
suse 2
osv
osv
qpdf - security update
2023-08-29 00:00:00
qpdf vulnerabilities
2021-07-29 16:28:39
qpdf vulnerabilities
2021-08-02 14:15:25
nessus
nessus
Debian DLA-3548-1 : qpdf - LTS security update
2023-08-30 00:00:00
RHEL 8 : qpdf (Unpatched Vulnerability)
2024-06-03 00:00:00
Amazon Linux 2 : qpdf (ALAS-2024-2409)
2024-01-09 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3548-1)
2023-08-31 00:00:00
Ubuntu: Security Advisory (USN-5026-1)
2021-07-30 00:00:00
Ubuntu: Security Advisory (USN-5026-2)
2022-08-26 00:00:00
ubuntu
ubuntu
QPDF vulnerabilities
2021-08-02 00:00:00
QPDF vulnerabilities
2021-07-29 00:00:00
ubuntucve
ubuntucve
CVE-2021-25786
2023-08-11 00:00:00
CVE-2018-18020
2018-10-06 00:00:00
CVE-2021-36978
2021-07-20 00:00:00
amazon
amazon
Important: qpdf
2024-01-03 21:04:00
Medium: qpdf
2023-06-21 19:11:00
prion
prion
Code injection
2018-10-06 14:29:00
Code injection
2023-08-11 14:15:00
Heap overflow
2021-07-20 07:15:00
cvelist
cvelist
CVE-2018-18020
2018-10-06 00:00:00
CVE-2021-25786
2023-08-11 00:00:00
CVE-2021-36978
2021-07-20 00:00:00
redhatcve
redhatcve
CVE-2018-18020
2018-11-05 14:19:15
CVE-2021-25786
2023-08-22 17:49:08
CVE-2021-36978
2021-07-21 19:20:09
debiancve
debiancve
CVE-2018-18020
2018-10-06 14:29:00
CVE-2021-25786
2023-08-11 14:15:11
CVE-2021-36978
2021-07-20 07:15:08
cve
cve
CVE-2018-18020
2018-10-06 14:29:00
CVE-2021-25786
2023-08-11 14:15:11
CVE-2021-36978
2021-07-20 07:15:08
nvd
nvd
CVE-2018-18020
2018-10-06 14:29:00
CVE-2021-25786
2023-08-11 14:15:11
CVE-2021-36978
2021-07-20 07:15:08
veracode
veracode
Use After Free
2023-08-17 11:12:22
gentoo
gentoo
QPDF: Buffer Overflow
2024-01-15 00:00:00
suse
suse
Security update for qpdf (important)
2022-09-12 00:00:00
Security update for qpdf (important)
2022-08-04 00:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

51.7%

JSON
Related for DEBIAN:DLA-3548-1:6A4EA
osv6nessus14openvas9ubuntu2ubuntucve3amazon2prion3cvelist3redhatcve3debiancve3cve3nvd3veracode1gentoo1suse2