CVE-2018-7174

CWE-8358 documents6 sources

Severity

5.5MEDIUM

EPSS

0.2%

top 60.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xpdfreader Xpdf

Timeline

PublishedFeb 15

Latest updateMay 13

Description

An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDxpdfreader/xpdf4.00

🔴Vulnerability Details

GHSA

GHSA-3mwf-8hp6-9vxf: An issue was discovered in xpdf 4↗2022-05-13

▶

CVEList

CVE-2018-7174: An issue was discovered in xpdf 4↗2018-02-15

▶

OSV

CVE-2018-7174: An issue was discovered in xpdf 4↗2018-02-15

▶

📋Vendor Advisories

Debian

CVE-2018-7174: xpdf - An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an a...↗2018

▶

💬Community

Bugzilla

CVE-2018-7175 CVE-2018-7173 CVE-2018-7174 xpdf: Multiple vulnerabilities [epel-all]↗2018-02-16

▶

Bugzilla

CVE-2018-7175 CVE-2018-7173 CVE-2018-7174 xpdf: Multiple vulnerabilities [fedora-all]↗2018-02-16

▶

Bugzilla

CVE-2018-7173 CVE-2018-7174 CVE-2018-7175 xpdf: Multiple vulnerabilities↗2018-02-16

▶