CVE-2018-11033

Name of the Vulnerable Software and Affected Versions xpdf versions prior to 4.00

Description The issue concerns the DCTStream::readHuffSym function in the DCT decoder. It allows remote attackers to cause a denial of service, potentially leading to an application crash, via crafted JPEG data. There is also a possibility of unspecified other impact.

Recommendations For versions prior to 4.00, update to version 4.00 or later to resolve the issue. As a temporary workaround, consider restricting the processing of JPEG data from untrusted sources until the update is applied.