摘要:
qpdf security update
安全等级: High
公告ID: KylinSec-SA-2023-1620
发布日期: 2023年8月26日
关联CVE: CVE-2021-25786
QPDF is a command-line program that does structural, content-preserving transformations on PDF files. It could have been called something like pdf-to-pdf. It also provides many useful capabilities to developers of PDF-producing software or for people who just want to look at the innards of a PDF file to learn more about how they work.
Security Fix(es):
An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf.(CVE-2021-25786)
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2021-25786 | KY3.4-4A | qpdf | Fixed |
| CVE-2021-25786 | KY3.4-5A | qpdf | Fixed |
| CVE-2021-25786 | KY3.5.1 | qpdf | Fixed |
| CVE-2021-25786 | KY3.5.2 | qpdf | Fixed |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| qpdf-help | noarch | 8.4.2-4.kb2.ky3_5 |
| qpdf-devel | x86_64 | 8.4.2-4.kb2.ky3_5 |
| qpdf | x86_64 | 8.4.2-4.kb2.ky3_5 |
| qpdf-devel | aarch64 | 8.4.2-4.kb2.ky3_5 |
| qpdf | aarch64 | 8.4.2-4.kb2.ky3_5 |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| qpdf-help | noarch | 8.4.2-4.kb1.ky3_4 |
| qpdf | x86_64 | 8.4.2-4.kb1.ky3_4 |
| qpdf-devel | x86_64 | 8.4.2-4.kb1.ky3_4 |
| qpdf-devel | aarch64 | 8.4.2-4.kb1.ky3_4 |
| qpdf | aarch64 | 8.4.2-4.kb1.ky3_4 |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| qpdf-help | noarch | 8.4.2-4.kb1.ky3_4 |
| qpdf | x86_64 | 8.4.2-4.kb1.ky3_4 |
| qpdf-devel | x86_64 | 8.4.2-4.kb1.ky3_4 |
| qpdf-devel | aarch64 | 8.4.2-4.kb1.ky3_4 |
| qpdf | aarch64 | 8.4.2-4.kb1.ky3_4 |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| qpdf-help | noarch | 8.4.2-4.ky3_5 |
| qpdf | x86_64 | 8.4.2-4.ky3_5 |
| qpdf-devel | x86_64 | 8.4.2-4.ky3_5 |
| qpdf | aarch64 | 8.4.2-4.ky3_5 |
| qpdf-devel | aarch64 | 8.4.2-4.ky3_5 |
sudo dnf udpate qpdf
