CVE-2021-36978

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-36978
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-36978.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-36978
Downstream
Related
Published
2021-07-20T07:15:08Z
Modified
2025-09-19T13:07:33.056508Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in PlASCII85Decoder::write (called from PlAESPDF::flush and PlAES_PDF::finish) when a certain downstream write fails.

References

Affected packages

Git / github.com/qpdf/qpdf

Affected ranges

Type
GIT
Repo
https://github.com/qpdf/qpdf
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
dc92574c10f3e2516ec6445b88c5d584f40df4e5

Affected versions

release-qpdf-10.*

release-qpdf-10.0.0
release-qpdf-10.0.1
release-qpdf-10.0.2
release-qpdf-10.0.3
release-qpdf-10.0.4

release-qpdf-2.*

release-qpdf-2.0
release-qpdf-2.0.1
release-qpdf-2.0.2
release-qpdf-2.0.3
release-qpdf-2.0.4
release-qpdf-2.0.5
release-qpdf-2.0.6
release-qpdf-2.1
release-qpdf-2.1.1
release-qpdf-2.1.2
release-qpdf-2.1.3
release-qpdf-2.1.4
release-qpdf-2.1.5
release-qpdf-2.1.rc1
release-qpdf-2.2.0
release-qpdf-2.2.1
release-qpdf-2.2.2
release-qpdf-2.2.3
release-qpdf-2.2.4
release-qpdf-2.2.rc1
release-qpdf-2.3.0
release-qpdf-2.3.1

release-qpdf-3.*

release-qpdf-3.0.0
release-qpdf-3.0.1
release-qpdf-3.0.2
release-qpdf-3.0.rc1

release-qpdf-4.*

release-qpdf-4.0.0
release-qpdf-4.0.1
release-qpdf-4.1.0
release-qpdf-4.2.0

release-qpdf-5.*

release-qpdf-5.0.0
release-qpdf-5.0.1
release-qpdf-5.1.0
release-qpdf-5.1.1
release-qpdf-5.1.2
release-qpdf-5.1.3
release-qpdf-5.2.0

release-qpdf-6.*

release-qpdf-6.0.0

release-qpdf-7.*

release-qpdf-7.0.0
release-qpdf-7.0.b1
release-qpdf-7.1.0
release-qpdf-7.1.1

release-qpdf-8.*

release-qpdf-8.0.0
release-qpdf-8.0.1
release-qpdf-8.0.2
release-qpdf-8.0.a1
release-qpdf-8.0.rc1
release-qpdf-8.0.rc2
release-qpdf-8.0.rc3
release-qpdf-8.1.0
release-qpdf-8.2.0
release-qpdf-8.2.1
release-qpdf-8.3.0
release-qpdf-8.4.0
release-qpdf-8.4.1
release-qpdf-8.4.2

release-qpdf-9.*

release-qpdf-9.0.0
release-qpdf-9.0.1
release-qpdf-9.0.2
release-qpdf-9.1.0
release-qpdf-9.1.1
release-qpdf-9.1.rc1

Database specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "function_hash": "144956906454211698411691442384169583080",
                "length": 601.0
            },
            "signature_type": "Function",
            "source": "https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5",
            "target": {
                "file": "libqpdf/Pl_ASCII85Decoder.cc",
                "function": "Pl_ASCII85Decoder::flush"
            },
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2021-36978-346f02bf"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "13694993585028465781001319959825347373",
                    "310087498959386361797291823932404456576",
                    "49649446920326451269899972948266568550",
                    "13342412487834560302921158546766133040",
                    "35639778790983792980946705142459620813",
                    "40699785523547269874326470352434338009",
                    "120104397444494129316167492941951621002",
                    "33774880105769830406438680590666744443"
                ]
            },
            "signature_type": "Line",
            "source": "https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5",
            "target": {
                "file": "libqpdf/Pl_ASCIIHexDecoder.cc"
            },
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2021-36978-40dda416"
        },
        {
            "digest": {
                "function_hash": "187767804974098575998698531302435435782",
                "length": 227.0
            },
            "signature_type": "Function",
            "source": "https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5",
            "target": {
                "file": "libqpdf/Pl_Count.cc",
                "function": "Pl_Count::write"
            },
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2021-36978-63f64580"
        },
        {
            "digest": {
                "function_hash": "9705939944941504444367821742668190477",
                "length": 1266.0
            },
            "signature_type": "Function",
            "source": "https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5",
            "target": {
                "file": "libqpdf/Pl_AES_PDF.cc",
                "function": "Pl_AES_PDF::flush"
            },
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2021-36978-9c33a036"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "321687402356745505709807097041181169873",
                    "195795008906658110627770024484001465071",
                    "243075336715669782149423546345526685975",
                    "73538397886346705444978026317791772716",
                    "240297237944962101967649497148396010055",
                    "327952393685159224342343458199478375702"
                ]
            },
            "signature_type": "Line",
            "source": "https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5",
            "target": {
                "file": "libqpdf/Pl_ASCII85Decoder.cc"
            },
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2021-36978-b6d83928"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "259576175114283761549609434847224880008",
                    "8363428569006197602946321268027361157",
                    "213213413482566284995313261346255273241",
                    "39686366821373870085308297589176283198",
                    "16063276423364534148040834083823740815"
                ]
            },
            "signature_type": "Line",
            "source": "https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5",
            "target": {
                "file": "libqpdf/Pl_Count.cc"
            },
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2021-36978-c34a9232"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "297677908884695691230243607557058068057",
                    "87327623640626139513340691484857922771",
                    "168551980213957308120344626598273265683"
                ]
            },
            "signature_type": "Line",
            "source": "https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5",
            "target": {
                "file": "libqpdf/Pl_AES_PDF.cc"
            },
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2021-36978-e3ce2fb2"
        },
        {
            "digest": {
                "function_hash": "154758842905624294376623863600796136195",
                "length": 666.0
            },
            "signature_type": "Function",
            "source": "https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5",
            "target": {
                "file": "libqpdf/Pl_ASCIIHexDecoder.cc",
                "function": "Pl_ASCIIHexDecoder::flush"
            },
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2021-36978-e8733a89"
        }
    ]
}