Bug 1085268 (CVE-2018-8100) - VUL-1: CVE-2018-8100: xpdf: The JPXStream::readTilePart function in JPXStream.cc allows attackers to launch denial of service (heap-based buffer overflow andapplication crash)
Summary: VUL-1: CVE-2018-8100: xpdf: The JPXStream::readTilePart function in JPXStream...
Status: RESOLVED INVALID
Alias: CVE-2018-8100
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Minor
Target Milestone: ---
Assignee: Peter Simons
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/201800/
Whiteboard: CVSSv3:SUSE:CVE-2018-8100:3.3:(AV:L/...
Keywords:
Depends on:
Blocks: 1133493
  Show dependency treegraph
 
Reported: 2018-03-14 10:49 UTC by Karol Babioch
Modified: 2023-06-14 14:42 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Reproducer (4.19 KB, application/pdf)
2018-03-14 10:50 UTC, Karol Babioch 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Karol Babioch 2018-03-14 10:49:34 UTC 
CVE-2018-8100

The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows
attackers to launch denial of service (heap-based buffer overflow and
application crash) or possibly have unspecified other impact via a specific pdf
file, as demonstrated by pdftohtml.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8100
https://forum.xpdfreader.com/viewtopic.php?f=3&t=652
Comment 1 Karol Babioch 2018-03-14 10:50:18 UTC 
Created attachment 763620 [details]
Reproducer
Comment 2 Peter Simons 2018-06-21 08:37:54 UTC 
Upstream has not responded to the bug report https://forum.xpdfreader.com/viewtopic.php?f=3&t=652. I am unaware of any fixes for these issues.
Comment 3 Petr Gajdos 2023-06-12 13:07:15 UTC 
Could not reproduce a crash or valgrind error for TW,15,12,11sp1/poppler. Since xpdf is not maintained anymore, I suggest to close this.