{
  "threat_severity" : "Low",
  "public_date" : "2017-08-12T00:00:00Z",
  "bugzilla" : {
    "description" : "qpdf: Infinite Loop in QPDFWriter::enqueueObject in libqpdf/QPDFWriter.cc",
    "id" : "1545272",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1545272"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-400",
  "details" : [ "An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc.", "An unbounded recursion flaw leading to stack exhaustion was found in the way QPDF parsed PDF files. An attacker could potentially use this flaw to crash QPDF by tricking it into processing crafted QPDF files." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "qpdf",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "qpdf",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-18183\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18183\nhttps://github.com/qpdf/qpdf/issues/143" ],
  "name" : "CVE-2017-18183",
  "csaw" : false
}