Vulnerability CVE-2018-11255

Vulnerability Name:

CVE-2018-11255 (CCN-143595)

Assigned:

2018-05-08

Published:

2018-05-08

Updated:

2018-06-15

Summary:

An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPageNumber() in PdfPage.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

CVSS v3 Severity:

5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
4.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

3.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-476

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2018-11255

Source: CCN
Type: Red Hat Bugzilla Bug 1575502
podofo Null Pointer Dereference Denial of Service

Source: MISC
Type: Exploit, Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1575502

Source: XF
Type: UNKNOWN
podofo-cve201811255-dos(143595)

Source: CCN
Type: PoDoFo Web site
A PDF parsing, modification and creation library.

Vulnerable Configuration:

Configuration 1:

cpe:/a:podofo_project:podofo:0.9.5:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:55536	P	Security update for runc (Important) (in QA)	2023-04-03
oval:org.opensuse.security:def:201811255	V	CVE-2018-11255	2022-09-02
oval:org.opensuse.security:def:112776	P	libpodofo-devel-0.9.7-2.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:11164	P	Security update for postrsd (Moderate)	2021-12-30
oval:org.opensuse.security:def:10383	P	Security update for xorg-x11-server (Important)	2021-12-14
oval:org.opensuse.security:def:10375	P	Security update for mariadb (Moderate)	2021-12-06
oval:org.opensuse.security:def:26175	P	Security update for xen (Moderate)	2021-12-01
oval:org.opensuse.security:def:55262	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:106247	P	Security update for salt (Moderate)	2021-10-27
oval:org.opensuse.security:def:26140	P	Security update for glibc (Moderate)	2021-10-06
oval:org.opensuse.security:def:38146	P	Security update for glibc (Moderate)	2021-10-04
oval:org.opensuse.security:def:10696	P	Security update for the Linux Kernel (Important)	2021-09-23
oval:org.opensuse.security:def:11127	P	Security update for gifsicle (Moderate)	2021-09-13
oval:org.opensuse.security:def:11122	P	Security update for cacti, cacti-spine (Moderate)	2021-08-25
oval:org.opensuse.security:def:46887	P	apache-commons-beanutils-1.9.2-1.149 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47651	P	java-1_7_1-ibm-1.7.1_sr4.30-38.26.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47125	P	perl-LWP-Protocol-https-6.04-5.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48343	P	xf86-video-intel-2.99.917+git781.c8990575-1.27 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47549	P	ant-1.9.4-3.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47339	P	libdmx1-1.1.3-3.51 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47580	P	cracklib-2.9.0-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46978	P	kdump-0.8.15-28.5 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48289	P	python-urllib3-1.22-3.17.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47485	P	python-requests-2.8.1-6.16.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47423	P	libupsclient1-2.7.1-4.55 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:11105	P	Security update for icinga2 (Moderate)	2021-07-21
oval:org.opensuse.security:def:10683	P	Security update for bluez (Moderate)	2021-07-12
oval:org.opensuse.security:def:11097	P	Security update for solo (Moderate)	2021-07-10
oval:org.opensuse.security:def:11235	P	Security update for roundcubemail (Important)	2021-07-02
oval:org.opensuse.security:def:46430	P	gnutls-3.2.15-1.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46563	P	python-libxml2-2.9.1-6.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12698	P	python-2.7.13-28.11.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46429	P	gnome-shell-3.10.4-22.13 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12766	P	zsh-5.0.5-6.7.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11846	P	lcms-1.19-17.31 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:13649	P	libsmi-0.4.8-18.63 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11354	P	libdcerpc-binding0-32bit-4.1.12-3.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11334	P	libX11-6-1.6.2-4.12 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11418	P	libzip2-0.11.1-4.62 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12078	P	coreutils-8.25-12.8 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46443	P	jakarta-commons-fileupload-1.1.1-120.113 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46755	P	libpcsclite1-1.8.10-3.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12720	P	sblim-sfcb-1.4.8-17.3.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11396	P	libraptor2-0-2.0.10-3.67 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11824	P	gpgme-1.5.1-1.12 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12690	P	perl-Tk-804.031-3.82 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11329	P	krb5-1.12.1-6.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:13671	P	logwatch-7.4.0-13.131 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11405	P	libspice-client-glib-2_0-8-0.25-3.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11356	P	libecpg6-9.3.5-2.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12056	P	MozillaFirefox-52.2.0esr-108.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:57005	P	Security update for libwebp (Critical)	2021-06-02
oval:org.opensuse.security:def:11220	P	Security update for Botan (Important)	2021-05-25
oval:org.opensuse.security:def:11186	P	Security update for froxlor (Moderate)	2021-03-19
oval:org.opensuse.security:def:10674	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:10405	P	Security update for grub2 (Important)	2021-03-02
oval:org.opensuse.security:def:11173	P	Security update for segv_handler (Moderate)	2021-02-02
oval:org.opensuse.security:def:10632	P	Security update for PackageKit (Low)	2020-12-22
oval:org.opensuse.security:def:11022	P	Security update for minidlna (Moderate)	2020-12-08
oval:org.opensuse.security:def:12922	P	jakarta-commons-fileupload-1.1.1-122.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16870	P	libpodofo-devel-0.9.2-3.9.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4034	P	libpodofo-devel-0.9.2-3.9.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:12998	P	libical1-1.0.1-16.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:12828	P	at-3.1.14-8.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:17360	P	libpodofo0_9_2-0.9.2-3.9.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:11254	P	python-Beaker-1.6.4-0.7.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:12947	P	libXcursor1-1.1.14-4.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:12813	P	MozillaFirefox-68.1.0-109.92.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:13011	P	libkde4-32bit-4.12.0-10.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:12847	P	colord-gtk-lang-0.1.26-6.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:49029	P	libpodofo0_9_2-0.9.2-3.9.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:12989	P	libgcrypt20-1.6.1-16.68.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:18009	P	Security update for ghostscript (Important)	2020-12-01
oval:org.opensuse.security:def:18309	P	Security update for the Linux Kernel (Critical)	2020-12-01
oval:org.opensuse.security:def:17825	P	Security update for freerdp (Moderate)	2020-12-01
oval:org.opensuse.security:def:54532	P	libXxf86vm1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55574	P	Security update for MozillaFirefox, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:18076	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:38453	P	procmail on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:18973	P	Security update for podofo (Moderate)	2020-12-01
oval:org.opensuse.security:def:10895	P	coolkey-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54811	P	iputils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56931	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:25357	P	Security update for squid (Important)	2020-12-01
oval:org.opensuse.security:def:10988	P	libcorosync-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38306	P	libjasper1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10865	P	xorg-x11-server-sdk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24808	P	Security update for dbus-1 (Important)	2020-12-01
oval:org.opensuse.security:def:18275	P	Security update for dovecot22 (Moderate)	2020-12-01
oval:org.opensuse.security:def:37678	P	squashfs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55462	P	Security update for xorg-x11-server (Moderate)	2020-12-01
oval:org.opensuse.security:def:25015	P	Security update for ghostscript (Moderate)	2020-12-01
oval:org.opensuse.security:def:25502	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:24735	P	Security update for libjpeg-turbo (Moderate)	2020-12-01
oval:org.opensuse.security:def:37898	P	libipa_hbac0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:18186	P	Security update for libxml2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:38481	P	shadow on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10451	P	gtk2-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25154	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:38056	P	rsyslog on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:39163	P	gd-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17833	P	Security update for ghostscript (Moderate)	2020-12-01
oval:org.opensuse.security:def:10513	P	libjson-c-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55370	P	qemu-ovmf-x86_64 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54132	P	unixODBC on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17952	P	Security update for mozilla-nss (Moderate)	2020-12-01
oval:org.opensuse.security:def:10607	P	wireshark-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:18287	P	Security update for libplist (Moderate)	2020-12-01
oval:org.opensuse.security:def:54294	P	libpng12-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25444	P	Security update for sysstat (Moderate)	2020-12-01
oval:org.opensuse.security:def:18040	P	Security update for pacemaker (Important)	2020-12-01
oval:org.opensuse.security:def:38414	P	mailx on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:18947	P	Security update for sssd (Moderate)	2020-12-01
oval:org.opensuse.security:def:10873	P	MozillaFirefox-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54705	P	xfsprogs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55655	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:54131	P	tigervnc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25304	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:10941	P	gwenhywfar-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54977	P	patch on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24745	P	Security update for perl-DBI (Important)	2020-12-01
oval:org.opensuse.security:def:11003	P	libgssglue-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38365	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:37667	P	rpcbind on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24934	P	Security update for systemd (Moderate)	2020-12-01
oval:org.opensuse.security:def:25458	P	Security update for sqlite3 (Important)	2020-12-01
oval:org.opensuse.security:def:37762	P	cups-pk-helper on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25071	P	Security update for dpdk (Moderate)	2020-12-01
oval:org.opensuse.security:def:37999	P	logwatch on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:18218	P	Security update for openssl (Moderate)	2020-12-01
oval:org.opensuse.security:def:38525	P	xorg-x11-server on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37666	P	res-signingkeys on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10498	P	libgnomesu-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:39205	P	libpodofo0_9_2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17867	P	Security update for gc (Moderate)	2020-12-01
oval:org.opensuse.security:def:10532	P	libpoppler-cpp0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54154	P	accountsservice on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:127420	P	Security update for podofo (Moderate)	2019-07-15
oval:org.opensuse.security:def:124874	P	Security update for podofo (Moderate)	2019-07-15
oval:org.opensuse.security:def:79639	P	Security update for podofo (Moderate)	2019-07-15
oval:org.opensuse.security:def:125930	P	Security update for podofo (Moderate)	2019-07-15
oval:com.ubuntu.xenial:def:2018112550000000	V	CVE-2018-11255 on Ubuntu 16.04 LTS (xenial) - low.	2018-05-18
oval:com.ubuntu.artful:def:201811255000	V	CVE-2018-11255 on Ubuntu 17.10 (artful) - low.	2018-05-18
oval:com.ubuntu.xenial:def:201811255000	V	CVE-2018-11255 on Ubuntu 16.04 LTS (xenial) - low.	2018-05-18
oval:com.ubuntu.bionic:def:201811255000	V	CVE-2018-11255 on Ubuntu 18.04 LTS (bionic) - low.	2018-05-18
oval:com.ubuntu.cosmic:def:2018112550000000	V	CVE-2018-11255 on Ubuntu 18.10 (cosmic) - low.	2018-05-18
oval:com.ubuntu.disco:def:2018112550000000	V	CVE-2018-11255 on Ubuntu 19.04 (disco) - low.	2018-05-18
oval:com.ubuntu.cosmic:def:201811255000	V	CVE-2018-11255 on Ubuntu 18.10 (cosmic) - low.	2018-05-18
oval:com.ubuntu.bionic:def:2018112550000000	V	CVE-2018-11255 on Ubuntu 18.04 LTS (bionic) - low.	2018-05-18
oval:com.ubuntu.trusty:def:201811255000	V	CVE-2018-11255 on Ubuntu 14.04 LTS (trusty) - low.	2018-05-18

BACK