CVE-2018-18455
First published: Thu Oct 18 2018(Updated: )
The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xpdfreader Xpdf | =4.00 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2018-18455.
What is the severity rating of CVE-2018-18455?
CVE-2018-18455 has a severity rating of 5.5, which is considered medium.
How does CVE-2018-18455 affect Xpdf?
CVE-2018-18455 affects Xpdf version 4.00.
How can an attacker exploit CVE-2018-18455?
An attacker can exploit CVE-2018-18455 by using a crafted PDF file, as demonstrated by pdftoppm.
Is there a fix available for CVE-2018-18455?
To mitigate CVE-2018-18455, it is recommended to update Xpdf to a version that is not affected by this vulnerability.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/severity
- agent/author
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/xpdfreader
- canonical/xpdfreader xpdf
- version/xpdfreader xpdf/4.00