libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted.
{ "vanir_signatures": [ { "digest": { "line_hashes": [ "181739345319500568680739432924015967377", "106959424485635183592864499561300455322", "33834260254958747297438551673392020084", "172637144567233369777621291369876028934", "16267163913427358820904854266060915297", "75590030690278665368514097307259967412", "111827253706210392211691782529734872093", "207665020818809464945553329770339154989", "304524329726436421318641378340825999579" ], "threshold": 0.9 }, "deprecated": false, "signature_version": "v1", "id": "CVE-2018-9918-249879d0", "source": "https://github.com/qpdf/qpdf/commit/b4d6cf6836ce025ba1811b7bbec52680c7204223", "signature_type": "Line", "target": { "file": "libqpdf/QPDFObjectHandle.cc" } }, { "digest": { "function_hash": "338132264288561279274696630611627217117", "length": 7243.0 }, "deprecated": false, "signature_version": "v1", "id": "CVE-2018-9918-9be83622", "source": "https://github.com/qpdf/qpdf/commit/b4d6cf6836ce025ba1811b7bbec52680c7204223", "signature_type": "Function", "target": { "file": "libqpdf/QPDFObjectHandle.cc", "function": "QPDFObjectHandle::parseInternal" } } ] }