CVE-2017-18186

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-18186

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-18186.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2017-18186

Downstream

DEBIAN-CVE-2017-18186

UBUNTU-CVE-2017-18186

USN-3638-1

Published

2018-02-13T19:29:00Z

Modified

2025-10-15T08:54:44.142423Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc.

References

Affected packages

Git / github.com/qpdf/qpdf

Affected ranges

Type: GIT
Repo: https://github.com/qpdf/qpdf
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

85f05cc57ffa0a863d9d9b23e73acea9410b2937

Affected versions

release-qpdf-2.*

release-qpdf-2.0

release-qpdf-2.0.1

release-qpdf-2.0.2

release-qpdf-2.0.3

release-qpdf-2.0.4

release-qpdf-2.0.5

release-qpdf-2.0.6

release-qpdf-2.1

release-qpdf-2.1.1

release-qpdf-2.1.2

release-qpdf-2.1.3

release-qpdf-2.1.4

release-qpdf-2.1.5

release-qpdf-2.1.rc1

release-qpdf-2.2.0

release-qpdf-2.2.1

release-qpdf-2.2.2

release-qpdf-2.2.3

release-qpdf-2.2.4

release-qpdf-2.2.rc1

release-qpdf-2.3.0

release-qpdf-2.3.1

release-qpdf-3.*

release-qpdf-3.0.0

release-qpdf-3.0.1

release-qpdf-3.0.2

release-qpdf-3.0.rc1

release-qpdf-4.*

release-qpdf-4.0.0

release-qpdf-4.0.1

release-qpdf-4.1.0

release-qpdf-4.2.0

release-qpdf-5.*

release-qpdf-5.0.0

release-qpdf-5.0.1

release-qpdf-5.1.0

release-qpdf-5.1.1

release-qpdf-5.1.2

release-qpdf-5.1.3

release-qpdf-5.2.0

release-qpdf-6.*

release-qpdf-6.0.0

release-qpdf-7.*

release-qpdf-7.0.b1

Database specific

vanir_signatures

[
    {
        "digest": {
            "function_hash": "143470664312351326887922365433873313335",
            "length": 1526.0
        },
        "id": "CVE-2017-18186-bb259821",
        "target": {
            "function": "QPDF::read_xref",
            "file": "libqpdf/QPDF.cc"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/qpdf/qpdf/commit/85f05cc57ffa0a863d9d9b23e73acea9410b2937",
        "signature_type": "Function"
    },
    {
        "digest": {
            "line_hashes": [
                "266438603850559179889971379008137572864",
                "170858492933963275451002373626649560772",
                "86906268882115607882227833084113952493",
                "29964010784280242289628928258739117002",
                "78468669523777775192181095830342106787",
                "148108207355360572343990471531997700227",
                "76475920812149409294602624238930904875",
                "168508622536348576714227445013227533227",
                "79954515655412324376867276884929413567",
                "336149513343406209498739849406371991950"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2017-18186-be9f9cba",
        "target": {
            "file": "libqpdf/QPDF.cc"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/qpdf/qpdf/commit/85f05cc57ffa0a863d9d9b23e73acea9410b2937",
        "signature_type": "Line"
    }
]