CVE-2018-18456
First published: Thu Oct 18 2018(Updated: )
The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xpdfreader Xpdf | =4.00 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the CVE ID of this vulnerability?
The CVE ID of this vulnerability is CVE-2018-18456.
What is the severity level of CVE-2018-18456?
The severity level of CVE-2018-18456 is medium (5.5).
How does CVE-2018-18456 affect Xpdf 4.00?
CVE-2018-18456 affects Xpdf 4.00 by allowing remote attackers to cause a denial of service (stack-based buffer over-read) through a crafted pdf file.
How can the vulnerability in Xpdf 4.00 be exploited?
The vulnerability in Xpdf 4.00 can be exploited by using a specially crafted pdf file.
Is there a fix available for CVE-2018-18456?
Yes, there is a fix available for CVE-2018-18456. It is recommended to update to a version of Xpdf that includes the fix.
- collector/nvd-index
- vendor/xpdfreader
- canonical/xpdfreader xpdf
- version/xpdfreader xpdf/4.00