View at Official ubuntu advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2017-9208 negligible priority: Ubuntu including 1 source packages (qpdf), 6 status rows across 6 suites (artful, bionic, trusty, upstream, xenial, zesty): released 3, not-affected 2, ignored 1.
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.