You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa qpdf

Sigurnosni nedostaci programskog paketa qpdf

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2017-08-06 19:03:24.092531

Name : qpdf
Product : Fedora 26
Version : 6.0.0
Release : 6.fc26
Summary : Command-line tools and library for transforming PDF files
Description :
QPDF is a command-line program that does structural, content-preserving
transformations on PDF files. It could have been called something
like pdf-to-pdf. It includes support for merging and splitting PDFs
and to manipulate the list of pages in a PDF file. It is not a PDF viewer
or a program capable of converting PDF into other formats.

Update Information:

Security fix for CVE-2017-11627, CVE-2017-11626, CVE-2017-11625, CVE-2017-11624,
CVE-2017-9208, CVE-2017-9209, CVE-2017-9210.

[ 1 ] Bug #1475510 – CVE-2017-11625 qpdf: Infinite loop in QPDF::resolveObjectsInStream function in
[ 2 ] Bug #1475514 – CVE-2017-11626 qpdf: Infinite loop in QPDFTokenizer::resolveLiteral function in
[ 3 ] Bug #1475517 – CVE-2017-11627 qpdf: Infinite loop in PointerHolder function in PointerHolder.hh
[ 4 ] Bug #1475507 – CVE-2017-11624 qpdf: Infinite loop in QPDFTokenizer::resolveLiteral function in
[ 5 ] Bug #1454819 – CVE-2017-9210 qpdf: Infinite loop related to unparse functions
[ 6 ] Bug #1454816 – CVE-2017-9209 qpdf: Infinite loop related to QPDFObjectHandle::parseInternal
[ 7 ] Bug #1454815 – CVE-2017-9208 qpdf: Infinite loop related to releaseResolved functions

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade qpdf’ at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list —
To unsubscribe send an email to

AutorDanijel Kozinovic
Cert idNCERT-REF-2017-08-0031-ADV
More in Preporuke
Sigurnosni nedostatak programskog paketa ruby

Otkriven je sigurnosni nedostatak u programskom paketu ruby za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje zaobilaženje sigurnosnih ograničenja....