{
  "threat_severity" : "Low",
  "public_date" : "2015-09-02T00:00:00Z",
  "bugzilla" : {
    "description" : "qpdf: Infinite loop in QPDFTokenizer::resolveLiteral in QPDFTokenizer.cc",
    "id" : "1545268",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1545268"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-400",
  "details" : [ "An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc.", "An unbounded recursion flaw leading to stack exhaustion was found in the way QPDF parsed PDF files. An attacker could potentially use this flaw to crash QPDF by tricking it into processing crafted PDF files." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "qpdf",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "qpdf",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-9252\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9252\nhttps://github.com/qpdf/qpdf/issues/51" ],
  "name" : "CVE-2015-9252",
  "csaw" : false
}