CVE-2018-11033

CWE-119Buffer Overflow7 documents6 sources
Severity
7.8HIGH
EPSS
0.2%
top 55.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Xpdfreader Xpdf
Timeline
PublishedMay 14
Latest updateMay 14

Description

The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

NVDxpdfreader/xpdf4.00

🔴Vulnerability Details

3
GHSA
GHSA-cx54-wxpv-wvvj: The DCTStream::readHuffSym function in Stream2022-05-14
OSV
CVE-2018-11033: The DCTStream::readHuffSym function in Stream2018-05-14
CVEList
CVE-2018-11033: The DCTStream::readHuffSym function in Stream2018-05-14

📋Vendor Advisories

1
Debian
CVE-2018-11033: xpdf - The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf befo...2018

💬Community

2
Bugzilla
CVE-2018-11033 xpdf: Stream.cc:DCTStream::readHuffSym function in DCT decoder allows denial of service via crafted JPEG data [epel-all]2018-05-16
Bugzilla
CVE-2018-11033 xpdf: Stream.cc:DCTStream::readHuffSym function in DCT decoder allows denial of service via crafted JPEG data2018-05-16
CVE-2018-11033 (HIGH CVSS 7.8) | The DCTStream::readHuffSym function | cvebase.io