{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-02-13T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-08T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-3638-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3638-1/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/qpdf/qpdf/commit/dea704f0ab7f625e1e7b3f9a1110b45b63157317"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/qpdf/qpdf/issues/147"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18184", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-3638-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3638-1/"}, {"name": "https://github.com/qpdf/qpdf/commit/dea704f0ab7f625e1e7b3f9a1110b45b63157317", "refsource": "MISC", "url": "https://github.com/qpdf/qpdf/commit/dea704f0ab7f625e1e7b3f9a1110b45b63157317"}, {"name": "https://github.com/qpdf/qpdf/issues/147", "refsource": "MISC", "url": "https://github.com/qpdf/qpdf/issues/147"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T21:13:49.072Z"}, "title": "CVE Program Container", "references": [{"name": "USN-3638-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3638-1/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/qpdf/qpdf/commit/dea704f0ab7f625e1e7b3f9a1110b45b63157317"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/qpdf/qpdf/issues/147"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18184", "datePublished": "2018-02-13T19:00:00", "dateReserved": "2018-02-13T00:00:00", "dateUpdated": "2024-08-05T21:13:49.072Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qpdf_project:qpdf:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F0E411-FD17-40ED-87AB-D320CB6A39FE", "versionEndExcluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc."}, {"lang": "es", "value": "Se ha descubierto un problema en versiones anteriores a la 7.0.0 de QPDF. Hay una lectura fuera de l\u00edmites basada en pila en la funci\u00f3n iterate_rc4 en QPDF_encryption.cc."}], "id": "CVE-2017-18184", "lastModified": "2018-05-08T13:29:00.740", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-13T19:29:00.370", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/qpdf/qpdf/commit/dea704f0ab7f625e1e7b3f9a1110b45b63157317"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/qpdf/qpdf/issues/147"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3638-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "qpdf: out-of-bounds read in iterate_rc4 in QPDF_encryption.cc", "id": "1545278", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545278"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-125", "details": ["An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc.", "A stack-based out-of-bounds read flaw was found in the way QPDF parsed PDF files. An attacker could potentially use this flaw to crash QPDF, under certain conditions, by tricking it into processing crafted QPDF files."], "name": "CVE-2017-18184", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "qpdf", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "qpdf", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2017-08-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-18184\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18184\nhttps://github.com/qpdf/qpdf/issues/147"], "threat_severity": "Low", "upstream_fix": "qpdf 7.1.1"}