CVE-2018-18651

Published: 25 October 2018

An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file.

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
ipe
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.10 (Impish Indri) Needs triage

Ubuntu 21.04 (Hirsute Hippo) Needs triage

Ubuntu 20.04 LTS (Focal Fossa) Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needs-triage)
libextractor
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.10 (Impish Indri) Needs triage

Ubuntu 21.04 (Hirsute Hippo) Needs triage

Ubuntu 20.04 LTS (Focal Fossa) Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needs-triage)
poppler
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(poppler is not affected)
Ubuntu 21.10 (Impish Indri) Not vulnerable

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable

Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)
xpdf
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(debian: xpdf in Debian uses poppler, which is not affected or fixed)
Ubuntu 21.10 (Impish Indri) Not vulnerable

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(3.04-7)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(3.03-17)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needs-triage)