PT-2018-3977 · Foolabs+2 · Xpdf+2
Skysider
·
Publicado
2018-02-24
·
Atualizado
2024-08-08
·
CVE-2018-7453
CVSS v3.1
5.5
Média
| Vetor | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
xpdf version 4.00
Description
The issue is related to infinite recursion in the
AcroForm::scanField function in AcroForm.cc, which can be exploited to launch a denial of service attack via a specific pdf file due to the lack of loop checking. This can be demonstrated using pdftohtml. The vulnerability allows attackers to initiate a denial of service.Recommendations
For xpdf version 4.00, consider disabling the
AcroForm::scanField function as a temporary workaround until a patch is available. Restrict access to pdf files that could potentially exploit this issue to minimize the risk of denial of service attacks.Correção
DoS
Infinite Loop
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Debian
Xpdf