PT-2018-3977 · Foolabs+2 · Xpdf+2
Skysider
·
Published
2018-02-24
·
Updated
2024-08-08
·
CVE-2018-7453
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
xpdf version 4.00
Description
The issue is related to infinite recursion in the
AcroForm::scanField function in AcroForm.cc, which can be exploited to launch a denial of service attack via a specific pdf file due to the lack of loop checking. This can be demonstrated using pdftohtml. The vulnerability allows attackers to initiate a denial of service.Recommendations
For xpdf version 4.00, consider disabling the
AcroForm::scanField function as a temporary workaround until a patch is available. Restrict access to pdf files that could potentially exploit this issue to minimize the risk of denial of service attacks.Fix
DoS
Infinite Loop
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Debian
Xpdf