CVE-2018-18651

CWE-8348 documents6 sources
Severity
5.5MEDIUM
EPSS
0.2%
top 60.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Xpdfreader Xpdf
Timeline
PublishedOct 25
Latest updateMay 13

Description

An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

NVDxpdfreader/xpdf4.00

🔴Vulnerability Details

3
GHSA
GHSA-7mwm-jwjx-gh7x: An issue was discovered in Xpdf 42022-05-13
OSV
CVE-2018-18651: An issue was discovered in Xpdf 42018-10-25
CVEList
CVE-2018-18651: An issue was discovered in Xpdf 42018-10-25

📋Vendor Advisories

1
Debian
CVE-2018-18651: xpdf - An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allo...2018

💬Community

3
Bugzilla
CVE-2018-18651 xpdf: large loop catalog->getNumPages() in AcroForm.cc2018-11-05
Bugzilla
CVE-2018-18651 xpdf: large loop catalog->getNumPages() in AcroForm.cc [fedora-all]2018-11-05
Bugzilla
CVE-2018-18651 xpdf: large loop catalog->getNumPages() in AcroForm.cc [epel-all]2018-11-05
CVE-2018-18651 (MEDIUM CVSS 5.5) | An issue was discovered in Xpdf 4.0 | cvebase.io