Affected packages

Debian:11 / qpdf

Package

Name
qpdf
Purl
pkg:deb/debian/qpdf?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.1.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / qpdf

Package

Name
qpdf
Purl
pkg:deb/debian/qpdf?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.1.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / qpdf

Package

Name
qpdf
Purl
pkg:deb/debian/qpdf?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.1.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / qpdf

Package

Name
qpdf
Purl
pkg:deb/debian/qpdf?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.1.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/qpdf/qpdf

Affected ranges

Type
GIT
Repo
https://github.com/qpdf/qpdf
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

release-qpdf-10.*

release-qpdf-10.0.0
release-qpdf-10.0.1
release-qpdf-10.0.2
release-qpdf-10.0.3
release-qpdf-10.0.4

release-qpdf-2.*

release-qpdf-2.0
release-qpdf-2.0.1
release-qpdf-2.0.2
release-qpdf-2.0.3
release-qpdf-2.0.4
release-qpdf-2.0.5
release-qpdf-2.0.6
release-qpdf-2.1
release-qpdf-2.1.1
release-qpdf-2.1.2
release-qpdf-2.1.3
release-qpdf-2.1.4
release-qpdf-2.1.5
release-qpdf-2.1.rc1
release-qpdf-2.2.0
release-qpdf-2.2.1
release-qpdf-2.2.2
release-qpdf-2.2.3
release-qpdf-2.2.4
release-qpdf-2.2.rc1
release-qpdf-2.3.0
release-qpdf-2.3.1

release-qpdf-3.*

release-qpdf-3.0.0
release-qpdf-3.0.1
release-qpdf-3.0.2
release-qpdf-3.0.rc1

release-qpdf-4.*

release-qpdf-4.0.0
release-qpdf-4.0.1
release-qpdf-4.1.0
release-qpdf-4.2.0

release-qpdf-5.*

release-qpdf-5.0.0
release-qpdf-5.0.1
release-qpdf-5.1.0
release-qpdf-5.1.1
release-qpdf-5.1.2
release-qpdf-5.1.3
release-qpdf-5.2.0

release-qpdf-6.*

release-qpdf-6.0.0

release-qpdf-7.*

release-qpdf-7.0.0
release-qpdf-7.0.b1
release-qpdf-7.1.0
release-qpdf-7.1.1

release-qpdf-8.*

release-qpdf-8.0.0
release-qpdf-8.0.1
release-qpdf-8.0.2
release-qpdf-8.0.a1
release-qpdf-8.0.rc1
release-qpdf-8.0.rc2
release-qpdf-8.0.rc3
release-qpdf-8.1.0
release-qpdf-8.2.0
release-qpdf-8.2.1
release-qpdf-8.3.0
release-qpdf-8.4.0
release-qpdf-8.4.1
release-qpdf-8.4.2

release-qpdf-9.*

release-qpdf-9.0.0
release-qpdf-9.0.1
release-qpdf-9.0.2
release-qpdf-9.1.0
release-qpdf-9.1.1
release-qpdf-9.1.rc1

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2021-36978-346f02bf",
            "digest": {
                "length": 601.0,
                "function_hash": "144956906454211698411691442384169583080"
            },
            "signature_type": "Function",
            "target": {
                "file": "libqpdf/Pl_ASCII85Decoder.cc",
                "function": "Pl_ASCII85Decoder::flush"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5"
        },
        {
            "id": "CVE-2021-36978-40dda416",
            "digest": {
                "line_hashes": [
                    "13694993585028465781001319959825347373",
                    "310087498959386361797291823932404456576",
                    "49649446920326451269899972948266568550",
                    "13342412487834560302921158546766133040",
                    "35639778790983792980946705142459620813",
                    "40699785523547269874326470352434338009",
                    "120104397444494129316167492941951621002",
                    "33774880105769830406438680590666744443"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "target": {
                "file": "libqpdf/Pl_ASCIIHexDecoder.cc"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5"
        },
        {
            "id": "CVE-2021-36978-63f64580",
            "digest": {
                "length": 227.0,
                "function_hash": "187767804974098575998698531302435435782"
            },
            "signature_type": "Function",
            "target": {
                "file": "libqpdf/Pl_Count.cc",
                "function": "Pl_Count::write"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5"
        },
        {
            "id": "CVE-2021-36978-9c33a036",
            "digest": {
                "length": 1266.0,
                "function_hash": "9705939944941504444367821742668190477"
            },
            "signature_type": "Function",
            "target": {
                "file": "libqpdf/Pl_AES_PDF.cc",
                "function": "Pl_AES_PDF::flush"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5"
        },
        {
            "id": "CVE-2021-36978-b6d83928",
            "digest": {
                "line_hashes": [
                    "321687402356745505709807097041181169873",
                    "195795008906658110627770024484001465071",
                    "243075336715669782149423546345526685975",
                    "73538397886346705444978026317791772716",
                    "240297237944962101967649497148396010055",
                    "327952393685159224342343458199478375702"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "target": {
                "file": "libqpdf/Pl_ASCII85Decoder.cc"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5"
        },
        {
            "id": "CVE-2021-36978-c34a9232",
            "digest": {
                "line_hashes": [
                    "259576175114283761549609434847224880008",
                    "8363428569006197602946321268027361157",
                    "213213413482566284995313261346255273241",
                    "39686366821373870085308297589176283198",
                    "16063276423364534148040834083823740815"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "target": {
                "file": "libqpdf/Pl_Count.cc"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5"
        },
        {
            "id": "CVE-2021-36978-e3ce2fb2",
            "digest": {
                "line_hashes": [
                    "297677908884695691230243607557058068057",
                    "87327623640626139513340691484857922771",
                    "168551980213957308120344626598273265683"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "target": {
                "file": "libqpdf/Pl_AES_PDF.cc"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5"
        },
        {
            "id": "CVE-2021-36978-e8733a89",
            "digest": {
                "length": 666.0,
                "function_hash": "154758842905624294376623863600796136195"
            },
            "signature_type": "Function",
            "target": {
                "file": "libqpdf/Pl_ASCIIHexDecoder.cc",
                "function": "Pl_ASCIIHexDecoder::flush"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5"
        }
    ]
}