vulnerability
Alpine Linux: CVE-2017-12595: Improper Input Validation
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Aug 27, 2017 | Aug 22, 2024 | Mar 25, 2026 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Aug 27, 2017
Added
Aug 22, 2024
Modified
Mar 25, 2026
Description
The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc.
Solution
alpine-linux-upgrade-qpdf
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.