CVE-2018-11780
published 2018-09-17CVE-2018-11780: A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.
critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | spamassassin | < 3.4.2 | 3.4.2 |
| apache | spamassassin | >= 0 < 3.4.2-1 | 3.4.2-1 |
| apache | spamassassin | >= 0 < 3.4.2-1 | 3.4.2-1 |
| apache | spamassassin | >= 0 < 3.4.2-1 | 3.4.2-1 |
| apache | spamassassin | >= 0 < 3.4.2-1 | 3.4.2-1 |
| apache | spamassassin | >= 0 < 3.4.2-0ubuntu0.14.04.1 | 3.4.2-0ubuntu0.14.04.1 |
| apache | spamassassin | >= 0 < 3.4.2-0ubuntu0.16.04.1 | 3.4.2-0ubuntu0.16.04.1 |
| apache | spamassassin | >= 0 < 3.4.2-0ubuntu0.18.04.1 | 3.4.2-0ubuntu0.18.04.1 |
| apache_software_foundation | apache_spamassassin | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | spamassassin | < spamassassin 3.4.2-1 (bookworm) | spamassassin 3.4.2-1 (bookworm) |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL