An update for qpdf is now available for openEuler-22.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-1966 Final 1.0 1.0 2024-08-09 Initial 2024-08-09 2024-08-09 openEuler SA Tool V1.0 2024-08-09 qpdf security update An update for qpdf is now available for openEuler-22.03-LTS-SP1 QPDF is a command-line program that does structural, content-preserving transformations on PDF files. It could have been called something like pdf-to-pdf. It also provides many useful capabilities to developers of PDF-producing software or for people who just want to look at the innards of a PDF file to learn more about how they work. Security Fix(es): QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.(CVE-2022-34503) An update for qpdf is now available for openEuler-22.03-LTS-SP1. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium qpdf https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1966 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-34503 https://nvd.nist.gov/vuln/detail/CVE-2022-34503 openEuler-22.03-LTS-SP1 qpdf-8.4.2-5.oe2203sp1.aarch64.rpm qpdf-debuginfo-8.4.2-5.oe2203sp1.aarch64.rpm qpdf-debugsource-8.4.2-5.oe2203sp1.aarch64.rpm qpdf-devel-8.4.2-5.oe2203sp1.aarch64.rpm qpdf-8.4.2-5.oe2203sp1.src.rpm qpdf-8.4.2-5.oe2203sp1.x86_64.rpm qpdf-debuginfo-8.4.2-5.oe2203sp1.x86_64.rpm qpdf-debugsource-8.4.2-5.oe2203sp1.x86_64.rpm qpdf-devel-8.4.2-5.oe2203sp1.x86_64.rpm qpdf-help-8.4.2-5.oe2203sp1.noarch.rpm QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. 2024-08-09 CVE-2022-34503 openEuler-22.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H qpdf security update 2024-08-09 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1966