Bug 1112426 (CVE-2018-18457) - VUL-1: CVE-2018-18457: xpdf: DCTStream:readScan NULL pointer dereference
Summary: VUL-1: CVE-2018-18457: xpdf: DCTStream:readScan NULL pointer dereference
Status: RESOLVED INVALID
Alias: CVE-2018-18457
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Minor
Target Milestone: ---
Assignee: Peter Simons
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/216993/
Whiteboard: CVSSv3:SUSE:CVE-2018-18457:3.3:(AV:L...
Keywords:
Depends on:
Blocks: 1133493
  Show dependency treegraph
 
Reported: 2018-10-18 14:09 UTC by Karol Babioch
Modified: 2023-06-14 14:45 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Karol Babioch 2018-10-18 14:09:20 UTC 
CVE-2018-18457

The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote
attackers to cause a denial of service (NULL pointer dereference) via a
crafted pdf file, as demonstrated by pdftoppm.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18457
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18457.html
Comment 1 Petr Gajdos 2023-06-12 15:58:45 UTC 
https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217
https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm

The testcase does not expose any valgrind error as far as I tested on all codestreams. xpdf is not maintained anymore, suggest to close this bug.