CVE-2018-18455: The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf…

medium5.5CVSS 3.0

AVLACLPRNUIRSUCNINAH

The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.

Affected

2 ranges

Vendor	Product	Version range	Fixed in
debian	xpdf	—	—
xpdfreader	xpdf	—	—

CVSS provenance

nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

osv5.5MEDIUM