QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails.
{ "vanir_signatures": [ { "id": "CVE-2021-36978-346f02bf", "digest": { "length": 601.0, "function_hash": "144956906454211698411691442384169583080" }, "signature_type": "Function", "target": { "file": "libqpdf/Pl_ASCII85Decoder.cc", "function": "Pl_ASCII85Decoder::flush" }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5" }, { "id": "CVE-2021-36978-40dda416", "digest": { "line_hashes": [ "13694993585028465781001319959825347373", "310087498959386361797291823932404456576", "49649446920326451269899972948266568550", "13342412487834560302921158546766133040", "35639778790983792980946705142459620813", "40699785523547269874326470352434338009", "120104397444494129316167492941951621002", "33774880105769830406438680590666744443" ], "threshold": 0.9 }, "signature_type": "Line", "target": { "file": "libqpdf/Pl_ASCIIHexDecoder.cc" }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5" }, { "id": "CVE-2021-36978-63f64580", "digest": { "length": 227.0, "function_hash": "187767804974098575998698531302435435782" }, "signature_type": "Function", "target": { "file": "libqpdf/Pl_Count.cc", "function": "Pl_Count::write" }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5" }, { "id": "CVE-2021-36978-9c33a036", "digest": { "length": 1266.0, "function_hash": "9705939944941504444367821742668190477" }, "signature_type": "Function", "target": { "file": "libqpdf/Pl_AES_PDF.cc", "function": "Pl_AES_PDF::flush" }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5" }, { "id": "CVE-2021-36978-b6d83928", "digest": { "line_hashes": [ "321687402356745505709807097041181169873", "195795008906658110627770024484001465071", "243075336715669782149423546345526685975", 
"73538397886346705444978026317791772716", "240297237944962101967649497148396010055", "327952393685159224342343458199478375702" ], "threshold": 0.9 }, "signature_type": "Line", "target": { "file": "libqpdf/Pl_ASCII85Decoder.cc" }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5" }, { "id": "CVE-2021-36978-c34a9232", "digest": { "line_hashes": [ "259576175114283761549609434847224880008", "8363428569006197602946321268027361157", "213213413482566284995313261346255273241", "39686366821373870085308297589176283198", "16063276423364534148040834083823740815" ], "threshold": 0.9 }, "signature_type": "Line", "target": { "file": "libqpdf/Pl_Count.cc" }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5" }, { "id": "CVE-2021-36978-e3ce2fb2", "digest": { "line_hashes": [ "297677908884695691230243607557058068057", "87327623640626139513340691484857922771", "168551980213957308120344626598273265683" ], "threshold": 0.9 }, "signature_type": "Line", "target": { "file": "libqpdf/Pl_AES_PDF.cc" }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5" }, { "id": "CVE-2021-36978-e8733a89", "digest": { "length": 666.0, "function_hash": "154758842905624294376623863600796136195" }, "signature_type": "Function", "target": { "file": "libqpdf/Pl_ASCIIHexDecoder.cc", "function": "Pl_ASCIIHexDecoder::flush" }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5" } ] }