{
  "threat_severity" : "Low",
  "public_date" : "2017-08-23T00:00:00Z",
  "bugzilla" : {
    "description" : "qpdf: out-of-bounds read in iterate_rc4 in QPDF_encryption.cc",
    "id" : "1545278",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1545278"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-125",
  "details" : [ "An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc.", "A stack-based out-of-bounds read flaw was found in the way QPDF parsed PDF files. An attacker could potentially use this flaw to crash QPDF, under certain conditions, by tricking it into processing crafted PDF files." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "qpdf",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "qpdf",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-18184\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18184\nhttps://github.com/qpdf/qpdf/issues/147" ],
  "name" : "CVE-2017-18184",
  "csaw" : false
}