PT-2018-3976 · Xpdf+2
Fish · Published 2018-09-02 · Updated 2025-05-20 · CVE-2018-16369
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Xpdf version 4.00
Description
The issue is in the Xpdf code, specifically in the XRef::fetch function in XRef.cc. It allows remote attackers to cause a denial of service (stack consumption) via a crafted PDF file. This is related to the AcroForm::scanField function.
Recommendations
For Xpdf version 4.00, consider disabling the XRef::fetch function as a temporary workaround until a patch is available. Restrict access to the AcroForm::scanField function to minimize the risk of exploitation. Avoid using the Xpdf software to process untrusted PDF files until the issue is resolved.
Exploit
Fix
Improper Resource Release
Related Identifiers
Affected Products
Alt Linux
Debian
Xpdf