OSV-2024-18

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qpdf/OSV-2024-18.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2024-18
Published
2024-01-19T00:01:09.084916Z
Modified
2024-03-22T00:15:58.328190Z
Summary
Heap-use-after-free in QPDF::read_xref
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65777

Crash type: Heap-use-after-free READ 8
Crash state:
QPDF::read_xref
QPDF::reconstruct_xref
QPDF::parse
References

Affected packages

OSS-Fuzz / qpdf

Package

Name
qpdf
Purl
pkg:generic/qpdf

Affected ranges

Type
GIT
Repo
https://github.com/qpdf/qpdf.git
Events
Introduced
5641832e54e347c2c33e9304d96cca450eb305ed
Fixed
ed43691bf3e1da1cefb7a4618cb809684040dd65

Affected versions

v11.*

v11.8.0

Ecosystem specific 

{
    "severity": "HIGH"
}