SB2018021523 - Multiple vulnerabilities in xpdf
Published: February 15, 2018 Updated: August 8, 2020
Description
This security bulletin contains information about 25 security vulnerabilities.
1) Input validation error (CVE-ID: CVE-2018-18650)
The vulnerability allows attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml.
2) Input validation error (CVE-ID: CVE-2018-18651)
The vulnerability allows attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml.
3) Out-of-bounds read (CVE-ID: CVE-2018-18454)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00. A remote attacker can perform a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
4) Out-of-bounds read (CVE-ID: CVE-2018-18455)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the GfxImageColorMap class in GfxState.cc in Xpdf 4.00. A remote attacker can perform a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
5) Stack-based buffer overflow (CVE-ID: CVE-2018-18456)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing a crafted pdf file, as demonstrated by pdftoppm. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
6) NULL pointer dereference (CVE-ID: CVE-2018-18457)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted pdf file, as demonstrated by pdftoppm.
7) NULL pointer dereference (CVE-ID: CVE-2018-18458)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted pdf file, as demonstrated by pdftoppm.
8) NULL pointer dereference (CVE-ID: CVE-2018-18459)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted pdf file, as demonstrated by pdftoppm.
9) Out-of-bounds read (CVE-ID: CVE-2018-16368)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00. A remote attacker can perform a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
10) Input validation error (CVE-ID: CVE-2018-16369)
The vulnerability allows remote attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml.
11) Buffer overflow (CVE-ID: CVE-2018-11033)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data.
12) Heap-based buffer overflow (CVE-ID: CVE-2018-8100)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00. A remote attacker can use a specific pdf file to trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
13) Out-of-bounds read (CVE-ID: CVE-2018-8101)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in the JPXStream::inverseTransformLevel function in JPXStream.cc when processing a specific pdf file, as demonstrated by pdftohtml. A remote attacker can create a specially crafted file, pass it to the application, trigger an out-of-bounds read error and crash the affected application.
14) Out-of-bounds read (CVE-ID: CVE-2018-8102)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
15) Out-of-bounds read (CVE-ID: CVE-2018-8103)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in the JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc when processing a specific pdf file, as demonstrated by pdftohtml. A remote attacker can create a specially crafted file, pass it to the application, trigger an out-of-bounds read error and crash the affected application.
16) Out-of-bounds read (CVE-ID: CVE-2018-8104)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in the BufStream::lookChar function in Stream.cc when processing a specific pdf file, as demonstrated by pdftohtml. A remote attacker can create a specially crafted file, pass it to the application, trigger an out-of-bounds read error and crash the affected application.
17) Out-of-bounds read (CVE-ID: CVE-2018-8105)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in the JPXStream::fillReadBuf function in JPXStream.cc when processing a specific pdf file, as demonstrated by pdftohtml. A remote attacker can create a specially crafted file, pass it to the application, trigger an out-of-bounds read error and crash the affected application.
18) Out-of-bounds read (CVE-ID: CVE-2018-8106)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in the JPXStream::readTilePartData function in JPXStream.cc when processing a specific pdf file, as demonstrated by pdftohtml. A remote attacker can create a specially crafted file, pass it to the application, trigger an out-of-bounds read error and crash the affected application.
19) Out-of-bounds read (CVE-ID: CVE-2018-8107)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in the JPXStream::close function in JPXStream.cc when processing a specific pdf file, as demonstrated by pdftohtml. A remote attacker can create a specially crafted file, pass it to the application, trigger an out-of-bounds read error and crash the affected application.
20) NULL pointer dereference (CVE-ID: CVE-2018-7452)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a specific pdf file, as demonstrated by pdftohtml.
21) Infinite loop (CVE-ID: CVE-2018-7453)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml.
22) NULL pointer dereference (CVE-ID: CVE-2018-7454)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a specific pdf file, as demonstrated by pdftohtml.
23) Out-of-bounds read (CVE-ID: CVE-2018-7455)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
24) Infinite loop (CVE-ID: CVE-2018-7174)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams.
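The gap described in item 24, shown as an added example: a simplified C model of following /Prev links between cross-reference sections, not xpdf's own code. The struct, function names, return codes, step budget and sample offsets are assumptions made for illustration; the walker is run once remembering only table sections and once remembering every section.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model: one cross-reference section at a file offset, linked to
   an older section through /Prev (0 means "no older section"). */
enum xref_kind { XREF_TABLE, XREF_STREAM };
struct xref_section { long offset; enum xref_kind kind; long prev; };

#define MAX_SECTIONS 64
/* WALK_LOOP: an offset was revisited. WALK_BUDGET: stands in for a hang. */
enum { WALK_LOOP = -1, WALK_BUDGET = -2 };

static const struct xref_section *find_section(const struct xref_section *s,
                                               size_t n, long off) {
    for (size_t i = 0; i < n; i++)
        if (s[i].offset == off) return &s[i];
    return NULL;
}

/* Follow /Prev from `start`. With check_streams == 0 only table sections are
   remembered (the gap the bulletin describes); with 1, every section is. */
int walk_xref_chain(const struct xref_section *s, size_t n, long start,
                    int check_streams, int step_budget) {
    long seen[MAX_SECTIONS];
    size_t nseen = 0;
    int visited = 0;
    for (long off = start; off != 0; ) {
        if (step_budget-- <= 0) return WALK_BUDGET;
        const struct xref_section *cur = find_section(s, n, off);
        if (cur == NULL) break;               /* dangling /Prev ends the walk */
        if (cur->kind == XREF_TABLE || check_streams) {
            for (size_t i = 0; i < nseen; i++)
                if (seen[i] == off) return WALK_LOOP;
            if (nseen == MAX_SECTIONS) return WALK_LOOP;  /* implausibly long */
            seen[nseen++] = off;
        }
        visited++;
        off = cur->prev;
    }
    return visited;
}

/* Constructed sample chains (offsets are arbitrary). */
static const struct xref_section benign[] = {{500, XREF_STREAM, 100}, {100, XREF_TABLE, 0}};
static const struct xref_section stream_cycle[] = {{700, XREF_STREAM, 300}, {300, XREF_STREAM, 700}};

int main(void) {
    printf("%d %d %d\n", walk_xref_chain(benign, 2, 500, 1, 1000),
           walk_xref_chain(stream_cycle, 2, 700, 0, 1000),
           walk_xref_chain(stream_cycle, 2, 700, 1, 1000));
    return 0;
}
```

The table-only walker exhausts its step budget on the two-stream cycle, while the walker that remembers every section rejects the same chain on the first revisited offset.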
25) NULL pointer dereference (CVE-ID: CVE-2018-7175)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a JPX image with zero components.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.