An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc.
[
{
"digest": {
"function_hash": "113246721592975453944238167601238205076",
"length": 7061.0
},
"id": "CVE-2017-18184-0dcd618d",
"source": "https://github.com/qpdf/qpdf/commit/dea704f0ab7f625e1e7b3f9a1110b45b63157317",
"target": {
"file": "libqpdf/QPDF_encryption.cc",
"function": "QPDF::initializeEncryption"
},
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"46022406531032056977204137553549838018",
"26485884992840116930708765058180673329",
"192765087106555129225913134396548174351",
"27901807791402466565675300969224254707",
"209783882898506822213128956124706221186",
"20491797986176711388369847300643130763",
"256424793697734767002444969256928318986",
"45284740710539220075917400466958997529",
"146923259411634451181411025098293759859",
"167391634185659876076201100355730758799",
"25384213635921661311383454389775617885",
"238280699073626677375433607042061881860",
"87237509550022497849476778325115018863",
"76082185478166545260932982174195644385",
"179140308611566026916840538765977257604",
"95217609987125338820898147171010979494",
"152480248981387151604343975362063535058",
"258935933345924207713773187167635267425",
"92331239408660476742973975087471797705",
"25329084278510318997153893060593737635",
"116259852792716660150860171120630905297",
"70292566258835284124054369748277049583",
"123005473020686114835009609919131494769",
"158139315735607495748037586754888665270",
"258475874458052443795736218227753417814",
"157784909084589136267298116743139145716",
"80109506705957472536186227690170477381",
"319006241850271679537011750247483167395",
"213833605403461264130001592249510571634",
"297210825367327379273943845429261692381",
"30912544075650809574180054736497089944",
"315148024120775964030770785114069633502",
"13648854165185417650037641825510188574",
"162549332418007102319634008668045479673",
"142111907403993940602262409228914771033",
"154640087882071490039262017562482853466",
"330854799953195037098251814843682362355",
"227390488603062257731990773969973189695",
"248681823604935299893520142583440564010",
"33625197443845292913939849974319869051"
]
},
"id": "CVE-2017-18184-2053304f",
"source": "https://github.com/qpdf/qpdf/commit/dea704f0ab7f625e1e7b3f9a1110b45b63157317",
"target": {
"file": "libqpdf/QPDF_encryption.cc"
},
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
},
{
"digest": {
"function_hash": "160873233998306401490536069294948737713",
"length": 411.0
},
"id": "CVE-2017-18184-73ab4c5e",
"source": "https://github.com/qpdf/qpdf/commit/dea704f0ab7f625e1e7b3f9a1110b45b63157317",
"target": {
"file": "libqpdf/QPDF_encryption.cc",
"function": "compute_O_value"
},
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"digest": {
"function_hash": "296190509841008825904596890523066584250",
"length": 570.0
},
"id": "CVE-2017-18184-7ca418ba",
"source": "https://github.com/qpdf/qpdf/commit/dea704f0ab7f625e1e7b3f9a1110b45b63157317",
"target": {
"file": "libqpdf/QPDF_encryption.cc",
"function": "check_owner_password_V4"
},
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"digest": {
"function_hash": "299772385117602231634368597217608039185",
"length": 721.0
},
"id": "CVE-2017-18184-c0ca827a",
"source": "https://github.com/qpdf/qpdf/commit/dea704f0ab7f625e1e7b3f9a1110b45b63157317",
"target": {
"file": "libqpdf/QPDF_encryption.cc",
"function": "compute_U_value_R3"
},
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"digest": {
"function_hash": "117763695092200783611416463320387944745",
"length": 367.0
},
"id": "CVE-2017-18184-db8f35d0",
"source": "https://github.com/qpdf/qpdf/commit/dea704f0ab7f625e1e7b3f9a1110b45b63157317",
"target": {
"file": "libqpdf/QPDF_encryption.cc",
"function": "compute_U_value_R2"
},
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
}
]