advisories/22586.adv

type: security
subject: Updated qpdf packages fix security vulnerability
src:
  6:
   core:
     - qpdf-7.1.1-1.mga6
     - cups-filters-1.13.4-2.2.mga6
description: |
  Qpdf has been updated to the latest version to fix several security issues.
  - Stack overflow due to endless recursion in QPDFTokenizer::resolveLiteral()
  - Another stack overflow / endless recursion in QPDFWriter::enqueueObject()
  - Stack out of bounds read in iterate_rc4()
  - heap out of bounds read (large) in Pl_Buffer::write
  - Hang due to a pdf xref loop
  Also, the cups-filters package has been rebuilt for the new qpdf.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=22586
 - http://openwall.com/lists/oss-security/2018/02/13/2
ID: MGASA-2018-0131
1	type: security
2	subject: Updated qpdf packages fix security vulnerability
3	src:
4	6:
5	core:
6	- qpdf-7.1.1-1.mga6
7	- cups-filters-1.13.4-2.2.mga6
8	description: \|
9	Qpdf has been updated to the latest version to fix several security issues.
10	- Stack overflow due to endless recursion in QPDFTokenizer::resolveLiteral()
11	- Another stack overflow / endless recursion in QPDFWriter::enqueueObject()
12	- Stack out of bounds read in iterate_rc4()
13	- heap out of bounds read (large) in Pl_Buffer::write
14	- Hang due to a pdf xref loop
15	Also, the cups-filters package has been rebuilt for the new qpdf.
16	references:
17	- https://bugs.mageia.org/show_bug.cgi?id=22586
18	- http://openwall.com/lists/oss-security/2018/02/13/2
19	ID: MGASA-2018-0131