Vulnerability Name: | CVE-2018-18650 (CCN-152006) | ||||||||||||||||||||||||||||||||||||
Assigned: | 2018-10-25 | ||||||||||||||||||||||||||||||||||||
Published: | 2018-10-25 | ||||||||||||||||||||||||||||||||||||
Updated: | 2018-12-06 | ||||||||||||||||||||||||||||||||||||
Summary: | An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory. | ||||||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) 4.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:U/RC:R)
| ||||||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
| ||||||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-190 | ||||||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2018-18650 Source: MISC Type: Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/152006 Source: XF Type: UNKNOWN xpdf-cve201818650-dos(152006) Source: CCN Type: xpdfreader Web site two bugs in pdftohtml Source: MISC Type: Exploit, Third Party Advisory https://forum.xpdfreader.com/viewtopic.php?f=3&t=41219&p=41747#p41747 Source: CCN Type: WhiteSource Vulnerability Database CVE-2018-18650 | ||||||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||
BACK |