View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2017-12595 severity low: SUSE including 34 source package names (cups-filters-1.0.58-15.2.1, cups-filters-1.0.58-19.2.3, …), 166 product×package rows across 50 product lines (SUSE CaaS Platform 4.0, SUSE Enterprise Storage 4, … (50 product lines)): Fixed 139, Known Not Affected 27.
The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc.