CVE-2017-18186

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-18186

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-18186.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2017-18186

Downstream

DEBIAN-CVE-2017-18186

UBUNTU-CVE-2017-18186

USN-3638-1

Published

2018-02-13T19:29:00Z

Modified

2025-09-19T08:57:09.856600Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc.

References

Affected packages

Git / github.com/qpdf/qpdf

Affected ranges

Type: GIT
Repo: https://github.com/qpdf/qpdf
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

85f05cc57ffa0a863d9d9b23e73acea9410b2937

Affected versions

release-qpdf-2.*

release-qpdf-2.0

release-qpdf-2.0.1

release-qpdf-2.0.2

release-qpdf-2.0.3

release-qpdf-2.0.4

release-qpdf-2.0.5

release-qpdf-2.0.6

release-qpdf-2.1

release-qpdf-2.1.1

release-qpdf-2.1.2

release-qpdf-2.1.3

release-qpdf-2.1.4

release-qpdf-2.1.5

release-qpdf-2.1.rc1

release-qpdf-2.2.0

release-qpdf-2.2.1

release-qpdf-2.2.2

release-qpdf-2.2.3

release-qpdf-2.2.4

release-qpdf-2.2.rc1

release-qpdf-2.3.0

release-qpdf-2.3.1

release-qpdf-3.*

release-qpdf-3.0.0

release-qpdf-3.0.1

release-qpdf-3.0.2

release-qpdf-3.0.rc1

release-qpdf-4.*

release-qpdf-4.0.0

release-qpdf-4.0.1

release-qpdf-4.1.0

release-qpdf-4.2.0

release-qpdf-5.*

release-qpdf-5.0.0

release-qpdf-5.0.1

release-qpdf-5.1.0

release-qpdf-5.1.1

release-qpdf-5.1.2

release-qpdf-5.1.3

release-qpdf-5.2.0

release-qpdf-6.*

release-qpdf-6.0.0

release-qpdf-7.*

release-qpdf-7.0.b1

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2017-18186-bb259821",
            "digest": {
                "length": 1526.0,
                "function_hash": "143470664312351326887922365433873313335"
            },
            "signature_version": "v1",
            "deprecated": false,
            "target": {
                "file": "libqpdf/QPDF.cc",
                "function": "QPDF::read_xref"
            },
            "signature_type": "Function",
            "source": "https://github.com/qpdf/qpdf/commit/85f05cc57ffa0a863d9d9b23e73acea9410b2937"
        },
        {
            "id": "CVE-2017-18186-be9f9cba",
            "digest": {
                "line_hashes": [
                    "266438603850559179889971379008137572864",
                    "170858492933963275451002373626649560772",
                    "86906268882115607882227833084113952493",
                    "29964010784280242289628928258739117002",
                    "78468669523777775192181095830342106787",
                    "148108207355360572343990471531997700227",
                    "76475920812149409294602624238930904875",
                    "168508622536348576714227445013227533227",
                    "79954515655412324376867276884929413567",
                    "336149513343406209498739849406371991950"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "deprecated": false,
            "target": {
                "file": "libqpdf/QPDF.cc"
            },
            "signature_type": "Line",
            "source": "https://github.com/qpdf/qpdf/commit/85f05cc57ffa0a863d9d9b23e73acea9410b2937"
        }
    ]
}