CVE-2018-18456

Name of the Vulnerable Software and Affected Versions Xpdf version 4.00

Description The issue allows remote attackers to cause a denial of service via a crafted pdf file. This is due to a stack-based buffer over-read in the function Object::isName() in Object.h, which is called from Gfx::opSetFillColorN. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For Xpdf version 4.00, consider disabling the Object::isName() function as a temporary workaround until a patch is available.