CVE-2018-18650

CWE-190Integer Overflow8 documents6 sources
Severity
5.5MEDIUM
EPSS
0.2%
top 60.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Xpdfreader Xpdf
Timeline
PublishedOct 25
Latest updateMay 14

Description

An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

NVDxpdfreader/xpdf4.00

🔴Vulnerability Details

3
GHSA
GHSA-6h37-4rh8-55jq: An issue was discovered in Xpdf 42022-05-14
OSV
CVE-2018-18650: An issue was discovered in Xpdf 42018-10-25
CVEList
CVE-2018-18650: An issue was discovered in Xpdf 42018-10-25

📋Vendor Advisories

1
Debian
CVE-2018-18650: xpdf - An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows att...2018

💬Community

3
Bugzilla
CVE-2018-18650 xpdf: Integer Overflow in XRef::readXRefStream in XRef.cc [fedora-all]2018-11-05
Bugzilla
CVE-2018-18650 xpdf: Integer Overflow in XRef::readXRefStream in XRef.cc [epel-all]2018-11-05
Bugzilla
CVE-2018-18650 xpdf: Integer Overflow in XRef::readXRefStream in XRef.cc2018-11-05
CVE-2018-18650 (MEDIUM CVSS 5.5) | An issue was discovered in Xpdf 4.0 | cvebase.io