1085247 – (CVE-2018-8105) VUL-1: CVE-2018-8105: xpdf: The JPXStream::fillReadBuf function in JPXStream.cc allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file

Bug 1085247 (CVE-2018-8105) - VUL-1: CVE-2018-8105: xpdf: The JPXStream::fillReadBuf function in JPXStream.cc allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file

Summary: VUL-1: CVE-2018-8105: xpdf: The JPXStream::fillReadBuf function in JPXStream....

Status:	RESOLVED INVALID

Alias:	CVE-2018-8105

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Minor
Target Milestone:	---
Assignee:	Peter Simons
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/201805/
Whiteboard:	CVSSv3:SUSE:CVE-2018-8105:3.3:(AV:L/...
Keywords:

Depends on:
Blocks:	1133493
	Show dependency tree / graph

Clone This Bug

Reported:	2018-03-14 08:56 UTC by Karol Babioch
Modified:	2023-06-14 14:41 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Reproducer (220.65 KB, application/pdf) 2018-03-14 09:05 UTC, Karol Babioch	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Karol Babioch 2018-03-14 08:56:55 UTC

CVE-2018-8105

The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows
attackers to launch denial of service (heap-based buffer over-read and
application crash) via a specific pdf file, as demonstrated by pdftohtml.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8105
https://forum.xpdfreader.com/viewtopic.php?f=3&t=652

Comment 1 Karol Babioch 2018-03-14 09:05:11 UTC

Created attachment 763609 [details]
Reproducer

Comment 2 Peter Simons 2018-06-21 08:48:29 UTC

Upstream has not responded to the bug report in their web forum. I am unaware of any fixes for these issues.

Comment 3 Petr Gajdos 2023-06-12 13:06:44 UTC

Could not reproduce a crash or valgrind error for TW,15,12,11sp1/poppler. Since xpdf is not maintained anymore, I suggest to close this.