Bug 1112426 (CVE-2018-18457)

Summary: VUL-1: CVE-2018-18457: xpdf: DCTStream:readScan NULL pointer dereference
Product: [Novell Products] SUSE Security Incidents Reporter: Karol Babioch <karol>
Component: IncidentsAssignee: Peter Simons <peter.simons>
Status: RESOLVED INVALID QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P4 - Low CC: pgajdos, smash_bz, stoyan.manolov
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/216993/
Whiteboard: CVSSv3:SUSE:CVE-2018-18457:3.3:(AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) maint:planned:update
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1133493    

Description Karol Babioch 2018-10-18 14:09:20 UTC 
CVE-2018-18457

The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote
attackers to cause a denial of service (NULL pointer dereference) via a
crafted pdf file, as demonstrated by pdftoppm.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18457
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18457.html
Comment 1 Petr Gajdos 2023-06-12 15:58:45 UTC 
https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217
https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm

The testcase does not expose any valgrind error as far as I tested on all codestreams. xpdf is not maintained anymore, suggest to close this bug.