CVE-2017-12595

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-12595
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-12595.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-12595
Downstream
Related
Published
2017-08-27T15:29:00Z
Modified
2025-10-15T08:43:00.363770Z
Severity
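  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (AV:L/UI:R: scored as a local vector that requires user interaction, i.e. the crafted PDF must be opened or processed on the target system, even though the description below says "remote attackers")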
Summary
[none]
Details

The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc.

References

Affected packages

Git / github.com/qpdf/qpdf

Affected ranges

Type
GIT
Repo
https://github.com/qpdf/qpdf
Events
Introduced
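0 (introducing commit unknown, so all previous commits are treated as affected; this is why the version list below starts at release-qpdf-2.0 although the description names only QPDF 6.0.0 and 7.0.b1)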
Fixed

Affected versions

release-qpdf-2.*

release-qpdf-2.0
release-qpdf-2.0.1
release-qpdf-2.0.2
release-qpdf-2.0.3
release-qpdf-2.0.4
release-qpdf-2.0.5
release-qpdf-2.0.6
release-qpdf-2.1
release-qpdf-2.1.1
release-qpdf-2.1.2
release-qpdf-2.1.3
release-qpdf-2.1.4
release-qpdf-2.1.5
release-qpdf-2.1.rc1
release-qpdf-2.2.0
release-qpdf-2.2.1
release-qpdf-2.2.2
release-qpdf-2.2.3
release-qpdf-2.2.4
release-qpdf-2.2.rc1
release-qpdf-2.3.0
release-qpdf-2.3.1

release-qpdf-3.*

release-qpdf-3.0.0
release-qpdf-3.0.1
release-qpdf-3.0.2
release-qpdf-3.0.rc1

release-qpdf-4.*

release-qpdf-4.0.0
release-qpdf-4.0.1
release-qpdf-4.1.0
release-qpdf-4.2.0

release-qpdf-5.*

release-qpdf-5.0.0
release-qpdf-5.0.1
release-qpdf-5.1.0
release-qpdf-5.1.1
release-qpdf-5.1.2
release-qpdf-5.1.3
release-qpdf-5.2.0

release-qpdf-6.*

release-qpdf-6.0.0

release-qpdf-7.*

release-qpdf-7.0.b1

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/qpdf/qpdf/commit/ad527a64f93dca12f6aabab2ca99ae5eb352ab4b",
        "signature_version": "v1",
        "target": {
            "function": "QPDFObjectHandle::parse",
            "file": "libqpdf/QPDFObjectHandle.cc"
        },
        "digest": {
            "function_hash": "127423270575725266261908987106965242072",
            "length": 218.0
        },
        "id": "CVE-2017-12595-0b7f480a"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/qpdf/qpdf/commit/ad527a64f93dca12f6aabab2ca99ae5eb352ab4b",
        "signature_version": "v1",
        "target": {
            "function": "QPDFObjectHandle::parseInternal",
            "file": "libqpdf/QPDFObjectHandle.cc"
        },
        "digest": {
            "function_hash": "222376292313288362129861388753324986043",
            "length": 5636.0
        },
        "id": "CVE-2017-12595-203bb0e8"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/qpdf/qpdf/commit/ad527a64f93dca12f6aabab2ca99ae5eb352ab4b",
        "signature_version": "v1",
        "target": {
            "function": "QPDFObjectHandle::parseContentStream_internal",
            "file": "libqpdf/QPDFObjectHandle.cc"
        },
        "digest": {
            "function_hash": "68592896909743010763412756146628506893",
            "length": 1458.0
        },
        "id": "CVE-2017-12595-5c63f44f"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://github.com/qpdf/qpdf/commit/ad527a64f93dca12f6aabab2ca99ae5eb352ab4b",
        "signature_version": "v1",
        "target": {
            "file": "include/qpdf/QPDFObjectHandle.hh"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "219956508091858809604694169978602165008",
                "183449769428269352412655741867116949445",
                "65439156689056502178631498475609254605",
                "119451281774679039159845983246789776360"
            ]
        },
        "id": "CVE-2017-12595-7a3d9616"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://github.com/qpdf/qpdf/commit/ad527a64f93dca12f6aabab2ca99ae5eb352ab4b",
        "signature_version": "v1",
        "target": {
            "file": "libqpdf/QPDFObjectHandle.cc"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "232174649075202836631461316134148150395",
                "145952873503310517240815600129548064092",
                "97364157728667136849273872668994176638",
                "6261263861378634083320536242348531313",
                "268155269199293532695661716444198521625",
                "296443984968267620017845295171909968275",
                "28535131635528644516548287529418955214",
                "144850379068327068009638046305007679369",
                "1965188413788149435555065872843187202",
                "219956508091858809604694169978602165008",
                "292636102528142126901972740312866098428",
                "104422238211848259501336140502658667837",
                "294437549169171542605917387793588991414",
                "189091518735567102081159475736007204454",
                "204446386505657463960359147467834174375",
                "270522005808720460731852180257597171120",
                "52408171288945582620100640851335529978",
                "233467964746630886847768155630105903963",
                "304939674191254631990094351064929272958",
                "91321467866254524838216617329231100706",
                "59919551074254168067004201733601351250",
                "29933515717441277442806117211624454282",
                "153527779988573939433559540530303253148",
                "285960692880156193593443462548527968152",
                "223254257529289896208624893330293186275",
                "77948462109188685167000092770892151260",
                "243509852278844034422311980165702614643",
                "183939847686939820270656451285597714488",
                "98920664930856797169233130797289898578",
                "112560685421528488238336364242271594516",
                "31197558713345235217285535697449879608",
                "1896485810543571314408608412698828830",
                "59285179261078776805298300393097674692",
                "99376791372800036143274708340545802560",
                "32235961380874227696006923550489421684",
                "184335502457884113135630818802898564515",
                "198527567135117949402129102421742359992",
                "110015142695224074098406028947191341190",
                "291844216169507210439119260582004165527",
                "112218546347294582522671630571092078979",
                "273579553806662043900205371706229416425",
                "184335502457884113135630818802898564515",
                "198527567135117949402129102421742359992",
                "239182554172023253005678911140780725512",
                "190937513617141871541593069857921077795",
                "265376192355037001604451631962269275614",
                "242291106990548019185377967700437159534",
                "95464805250088954938400000201358777546",
                "112458573969558981603707259353001599655",
                "272182014161423361618614005554291578749",
                "42226576701191472889259666537970159487",
                "214824190056860831019984509713790758166",
                "26695030923960508493086932717982393431",
                "124819534853171869512160114358382236188",
                "247064575218474560204573918366836341987",
                "234738518821257734802709418851557062271",
                "272247659572680487013308964690398013036",
                "229203804308286596544755326869306199507",
                "12381271891681683301765390928714387245",
                "192544016779172590558541851165711353860",
                "193263649083308106186652522482938089351",
                "216169773093610768407027200007919190409",
                "43692537748959223118374389680315080202",
                "107179447296981242461048127833720033480",
                "275920083895187377091442508617851327354",
                "60031835826907739039690130478627567559",
                "79020974452942336665653674621906445840",
                "135970779399186575047772073870847669902",
                "311876120263857661185081451427950518092",
                "235120213703718655305862422733303859605",
                "850860574685209550758573172653302977",
                "156448082129724727736779583749890937614",
                "115375199637434935815372834047808163644",
                "176138644337273694347125360757453609211",
                "238433655882357577667622849129577959775",
                "110675323525682837101678994628717170167",
                "163228645416198082892570901040431616486",
                "198191628059118952803841353026556122773",
                "59507541619778250721475401421089583722",
                "14123127897050263802892312456346357108",
                "144710694673886013371378034448706266660",
                "205501626892865448222663588877168995954",
                "14398401520333134002850665820964721573",
                "73699900604113038576067076205734668163",
                "79980670186139052742732445548955072854",
                "166829179078620445586807317704615861747",
                "237610873502780496956306138921298749172",
                "172494128936118137009216269231191638161",
                "42913227040228358617679774208458367588",
                "151428728523419797002458951004233075962",
                "261814948250193510698912057627340989263",
                "154179677370428159078082266259553103261",
                "87896345258467210021260469094662815796",
                "160493410317030315919715827995595409542",
                "236175701671116999952098044787186969206",
                "328814765142478214523892049232127886494",
                "130822994288029306716723303906346213396",
                "26651007443051483864983760988737712309",
                "95247601878301933483756242361104446419",
                "259285742247316936525055020253223213432",
                "204422438819122951784377214644760606060",
                "262383201654687490596148727872427971450",
                "57549250819219467828428853466961559594",
                "228286368446343468999845728402973958076",
                "186770363879254020217125646465873217684",
                "178128353701369822568193167947727676150",
                "103935347148426900325689988997923063029",
                "147246315781464470918828045354289534597",
                "302606117294457827836233885017611877296",
                "155515849574381401407360066731143648989",
                "72089665299360914465227826167877282361",
                "34116638281833288940181539800214871074",
                "23973918794109250339680801418633918205",
                "327134164841529362425513430471389198721",
                "240151603759239692139826021230641666929",
                "121776043016191788712412397058531691487",
                "298781128901881220867478430167871896981",
                "96107493789940552444969538321075398672",
                "142292056391247367609242569685748760614",
                "98401972256982361849720499769408331904",
                "261926884824435614219713212637594693023",
                "62841273296586481178094212031328834945",
                "115587728255974303156958050585784214922",
                "335388267505039709404067078223458405460",
                "220644505213764829765037323799449504728",
                "222625398227126390745711116627052105256",
                "37831621269379359845137503573431663220",
                "118115584580906901161318873282047897487",
                "18794312942661344241057624291545833980",
                "7156647395150868665141129910797201740",
                "339176404015242179365116072918832235144",
                "237698600389914363892746365344231916127",
                "217566172507050875130672382841976737379",
                "273190181610603392596736431254723135733",
                "103635486623274555741499828845810350574",
                "116695397805206400907015739896483028265",
                "225274403924603693739798073911464472198",
                "165629998823299512055679060210609091032",
                "222625398227126390745711116627052105256",
                "91649197599389080436370914772081622543",
                "28006643148232508419239684546739034163",
                "218739745706203140490484939476962351020",
                "128216110684401323881093071862097734889",
                "193738863799458687694796948255712056600",
                "174387218020391429395312758980650505852",
                "129254687107910683014279813401619672642",
                "305819501068621745411397029534841394754",
                "247933152075315470992166022753387193669",
                "101272720408140137317144192430112748157",
                "37626054000095117711177146641087493159",
                "38631461410191116912460103536762208627",
                "304284217174687221795202092754144145001",
                "293971089912658017669462810780988985346"
            ]
        },
        "id": "CVE-2017-12595-7ecd2010"
    }
]