Heap-based Buffer Overflow in QPDF's Pl_ASCII85Decoder::write() Function

Heap-based Buffer Overflow in QPDF's Pl_ASCII85Decoder::write() Function

CVE-2021-36978 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails.

Learn more about our Web Application Penetration Testing UK.