CVE-2018-18455

CWE-125 — Out-of-bounds Read8 documents6 sources

Severity

5.5MEDIUM

EPSS

0.4%

top 38.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xpdfreader Xpdf

Timeline

PublishedOct 18

Latest updateMay 14

Description

The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDxpdfreader/xpdf4.00

🔴Vulnerability Details

GHSA

GHSA-h55v-f4j6-2xwm: The GfxImageColorMap class in GfxState↗2022-05-14

▶

CVEList

CVE-2018-18455: The GfxImageColorMap class in GfxState↗2018-10-18

▶

OSV

CVE-2018-18455: The GfxImageColorMap class in GfxState↗2018-10-18

▶

📋Vendor Advisories

Debian

CVE-2018-18455: xpdf - The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers t...↗2018

▶

💬Community

Bugzilla

CVE-2018-18455 xpdf: heap-based buffer over-read in GfxImageColorMap class in GfxState.cc [epel-all]↗2018-11-05

▶

Bugzilla

CVE-2018-18455 xpdf: heap-based buffer over-read in GfxImageColorMap class in GfxState.cc↗2018-11-05

▶

Bugzilla

CVE-2018-18455 xpdf: heap-based buffer over-read in GfxImageColorMap class in GfxState.cc [fedora-all]↗2018-11-05

▶