PT-2018-10255 · Foolabs+1 · Xpdf+1
Sixpig
·
Published
2018-05-14
·
Updated
2018-06-19
·
CVE-2018-11033
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
xpdf versions prior to 4.00
Description
The issue concerns the DCTStream::readHuffSym function in the DCT decoder. It allows remote attackers to cause a denial of service, potentially leading to an application crash, via crafted JPEG data. There is also a possibility of unspecified other impact.
Recommendations
For versions prior to 4.00, update to version 4.00 or later to resolve the issue. As a temporary workaround, consider restricting the processing of JPEG data from untrusted sources until the update is applied.
Fix
DoS
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Xpdf