Bug 1082840 (CVE-2018-7455)

Summary: VUL-1: CVE-2018-7455: xpdf: An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc allows attackers to launch denial of service via a specific pdf file
Product: [Novell Products] SUSE Security Incidents Reporter: Karol Babioch <karol>
Component: IncidentsAssignee: Peter Simons <peter.simons>
Status: RESOLVED INVALID QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P4 - Low CC: pgajdos, smash_bz, stoyan.manolov
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/200815/
Whiteboard: maint:planned:update CVSSv2:NVD:CVE-2018-7455:4.3:(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv3:NVD:CVE-2018-7455:5.5:(AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) CVSSv3:RedHat:CVE-2018-7455:3.3:(AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1133493    

Description Karol Babioch 2018-02-26 13:08:10 UTC 
CVE-2018-7455

An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00
allows attackers to launch denial of service via a specific pdf file, as
demonstrated by pdftohtml.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7455
http://www.cvedetails.com/cve/CVE-2018-7455/
https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
https://forum.xpdfreader.com/viewtopic.php?f=3&amp;t=654&amp;p=819#p819
Comment 1 Peter Simons 2018-06-21 09:27:23 UTC 
Upstream commented: 

> I think I've tracked down the problem here.
> I'm working on a fix for it.

That was over a year ago. No observable progress has been made since then.
Comment 2 Petr Gajdos 2023-06-12 11:36:46 UTC 
https://github.com/skysider/FuzzVuln/blob/master/xpdf_pdftohtml_invalid_pointer_dereference_JPXStream_close.pdf

I do not get any crash or valgrind error with pdftohtml from devel,15,12,11sp1/poppler.

Since xpdf is not maintained anymore I suggest to close.