diff -up qpdf-6.0.0/libqpdf/QPDF.cc.CVE-2017-9208 qpdf-6.0.0/libqpdf/QPDF.cc
--- qpdf-6.0.0/libqpdf/QPDF.cc.CVE-2017-9208	2017-08-03 08:53:32.806072781 +0200
+++ qpdf-6.0.0/libqpdf/QPDF.cc	2017-08-03 08:55:39.529073703 +0200
@@ -1340,6 +1340,13 @@ QPDF::readObjectAtOffset(bool try_recove
 	objid = atoi(tobjid.getValue().c_str());
 	generation = atoi(tgen.getValue().c_str());
 
+   if (objid == 0)
+   {
+       throw QPDFExc(qpdf_e_damaged_pdf, this->file->getName(),
+                     this->last_object_description, offset,
+                     "object with ID 0");
+   }
+
 	if ((exp_objid >= 0) &&
 	    (! ((objid == exp_objid) && (generation == exp_generation))))
 	{
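Review bot: The added guard (L9–L14) is indented with spaces while the surrounding lines of readObjectAtOffset (L6, L7, L16) use tabs, so the block reads as if it belongs to a different scope; match the file's tab indentation so the check sits visibly at the same level as the `exp_objid` comparison that follows. The guard itself is the right place to reject object 0: it runs before the expected-id comparison, so a damaged xref entry or a crafted `0 N obj` header is reported as `qpdf_e_damaged_pdf` at the recorded offset rather than being registered under the sentinel id. Note that `objid` comes from `atoi` two lines above; this check only covers an exact 0, and whether the tokenizer already rejects a sign or an overflowing digit string is not visible here, so a short comment such as `// objid 0 is reserved as the direct-object sentinel; see QPDFObjectHandle::newIndirect` would help the next reader connect the two halves of this fix. readObjectAtOffset begins and ends outside the hunk.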
diff -up qpdf-6.0.0/libqpdf/QPDFObjectHandle.cc.CVE-2017-9208 qpdf-6.0.0/libqpdf/QPDFObjectHandle.cc
--- qpdf-6.0.0/libqpdf/QPDFObjectHandle.cc.CVE-2017-9208	2015-11-10 18:48:52.000000000 +0100
+++ qpdf-6.0.0/libqpdf/QPDFObjectHandle.cc	2017-08-03 08:54:50.264499428 +0200
@@ -1090,6 +1090,15 @@ QPDFObjectHandle::parseInternal(PointerH
 QPDFObjectHandle
 QPDFObjectHandle::newIndirect(QPDF* qpdf, int objid, int generation)
 {
+    if (objid == 0)
+    {
+        // Special case: QPDF uses objid 0 as a sentinel for direct
+        // objects, and the PDF specification doesn't allow for object
+        // 0. Treat indirect references to object 0 as null so that we
+        // never create an indirect object with objid 0.
+        return newNull();
+    }
+
     return QPDFObjectHandle(qpdf, objid, generation);
 }
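Review bot: The new early return changes newIndirect's contract — for `objid == 0` it now returns a direct null, so `isIndirect()` on the result is false and the `qpdf`/`generation` arguments are discarded — but this is only explained in a body comment that callers reading the declaration will not see. Move the explanation to the declaration (or a `/// @note` there) so callers that assume the returned handle is indirect know about the null case, e.g. `/// An objid of 0 is the direct-object sentinel and never names a real PDF object; such references are returned as a direct null.` Returning null here rather than throwing is a reasonable asymmetry with the QPDF.cc hunk (a dangling reference to object 0 is benign, a definition of object 0 is corrupt), and it is worth saying so in that comment so a future change does not "harmonise" the two paths.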