cve/2017/CVE-2017-9208.md

CVE-2017-9208

Description

libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.

POC

Reference

• https://blogs.gentoo.org/ago/2017/05/21/qpdf-three-infinite-loop-in-libqpdf/

Github

• https://github.com/0xCyberY/CVE-T4PDF
• https://github.com/ARPSyndicate/cvemon