CVE-2018-18457: Null Pointer Dereference
First published: Thu Oct 18 2018(Updated: )
The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xpdfreader Xpdf | =4.00 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2018-18457.
What is the severity of CVE-2018-18457?
The severity of CVE-2018-18457 is medium.
How does CVE-2018-18457 affect Xpdf 4.00?
CVE-2018-18457 allows remote attackers to cause a denial of service (NULL pointer dereference) in Xpdf 4.00.
How can the vulnerability CVE-2018-18457 be exploited?
The vulnerability CVE-2018-18457 can be exploited by using a crafted PDF file with the pdftoppm tool.
Are there any references related to CVE-2018-18457?
Yes, you can find more information about CVE-2018-18457 in the following references: [link1](https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217) and [link2](https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm).
- collector/nvd-index
- vendor/xpdfreader
- canonical/xpdfreader xpdf
- version/xpdfreader xpdf/4.00