PT-2018-14471 · Xpdf+1 · Xpdf+1

Fish

·

Publicado

2018-10-18

·

Atualizado

2018-11-30

·

CVE-2018-18457

CVSS v3.1

5.5

Média

VetorAV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Xpdf version 4.00
Description The issue allows remote attackers to cause a denial of service, specifically a NULL pointer dereference, via a crafted pdf file. This is demonstrated by the use of pdftoppm, which interacts with the vulnerable function.
Recommendations For Xpdf version 4.00, consider disabling the DCTStream::readScan function in Stream.cc as a temporary workaround until a patch is available.

Exploit

Correção

DoS

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

CVE-2018-18457

Produtos afetados

Debian
Xpdf