1106883 – (CVE-2018-16368) VUL-1: CVE-2018-16368: xpdf: SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remoteattackers to cause a denial of service (heap-based buffer over-read) via acrafted pdf file, as demonstrated by pdftoppm.

Bug 1106883 (CVE-2018-16368) - VUL-1: CVE-2018-16368: xpdf: SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remoteattackers to cause a denial of service (heap-based buffer over-read) via acrafted pdf file, as demonstrated by pdftoppm.

Summary: VUL-1: CVE-2018-16368: xpdf: SplashXPath::strokeAdjust in splash/SplashXPath....

Status:	RESOLVED INVALID

Alias:	CVE-2018-16368

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Minor
Target Milestone:	---
Assignee:	Peter Simons
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/213651/
Whiteboard:	CVSSv3:SUSE:CVE-2018-16368:4.4:(AV:L...
Keywords:

Depends on:
Blocks:	1133493
	Show dependency tree / graph

Clone This Bug

Reported:	2018-09-03 08:49 UTC by Marcus Meissner
Modified:	2023-06-14 14:44 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
xpdf-pdftoppm-heap-overflow-poc-1 (78.55 KB, application/pdf) 2018-09-03 08:51 UTC, Marcus Meissner	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2018-09-03 08:49:48 UTC

CVE-2018-16368

SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote
attackers to cause a denial of service (heap-based buffer over-read) via a
crafted pdf file, as demonstrated by pdftoppm.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16368
https://github.com/TeamSeri0us/pocs/tree/master/xpdf

Comment 1 Marcus Meissner 2018-09-03 08:51:26 UTC

Created attachment 781657 [details]
xpdf-pdftoppm-heap-overflow-poc-1

QA REPRODUCER:

valgrind pdftoppm xpdf-pdftoppm-heap-overflow-poc-1 >/dev/null

should not show errors

Comment 2 Marcus Meissner 2018-09-03 08:52:10 UTC

poppler-tools seems not affected (already fixed probably)

Comment 3 Petr Gajdos 2023-06-12 14:13:02 UTC

I get zero valgrind errors for TW,15,12,11sp1/poppler.

I suggest to close this bug.