CVE-2018-11780

CWE-94 — Code Injection CWE-400 — Uncontrolled Resource Consumption11 documents8 sources

Severity

9.8CRITICAL

EPSS

6.8%

top 8.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Spamassassin Apache Software Foundation Apache Spamassassin Canonical Ubuntu Linux +1 more

Timeline

PublishedSep 17

Latest updateMay 14

Description

A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDapache/spamassassin< 3.4.2

▶CVEListV5apache_software_foundation/apache_spamassassinbefore 3.4.2

▶Debianspamassassin< 3.4.2-1+3

▶Ubuntuspamassassin< 3.4.2-0ubuntu0.14.04.1+2

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04

🔴Vulnerability Details

GHSA

GHSA-ph2p-v983-f856: A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3↗2022-05-14

▶

OSV

spamassassin vulnerabilities↗2018-11-06

▶

CVEList

CVE-2018-11780: A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3↗2018-09-17

▶

OSV

CVE-2018-11780: A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3↗2018-09-17

▶

📋Vendor Advisories

Ubuntu

SpamAssassin vulnerabilities↗2018-12-05

▶

Ubuntu

SpamAssassin vulnerabilities↗2018-11-06

▶

Red Hat

spamassassin: Potential remote code execution vulnerability in PDFInfo plugin↗2018-09-17

▶

Debian

CVE-2018-11780: spamassassin - A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache S...↗2018

▶

💬Community

Bugzilla

CVE-2018-11780 spamassassin: Potential remote code execution vulnerability in PDFInfo plugin↗2018-09-17

▶

Bugzilla

CVE-2018-11780 spamassassin: Potential remote code execution vulnerability in PDFInfo plugin [fedora-all]↗2018-09-17

▶