USN-6713-1: QPDF vulnerability
Publication date
25 March 2024
Overview
QPDF could be made to crash or run programs if it opened a specially crafted file.
Releases
Packages
- qpdf - tools for transforming and inspecting PDF files
Details
It was discovered that QPDF incorrectly handled certain memory operations
when decoding JSON files. If a user or automated system were tricked into
processing a specially crafted JSON file, QPDF could be made to crash,
resulting in a denial of service, or possibly execute arbitrary code.
It was discovered that QPDF incorrectly handled certain memory operations
when decoding JSON files. If a user or automated system were tricked into
processing a specially crafted JSON file, QPDF could be made to crash,
resulting in a denial of service, or possibly execute arbitrary code.
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
Ubuntu Release | Package Version | ||
---|---|---|---|
23.10 mantic | libqpdf29 – 11.5.0-1ubuntu1.1 | ||
qpdf – 11.5.0-1ubuntu1.1 |
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.