First Last Prev Next    This bug is not in your last search results.
Bug 1085243 - (CVE-2018-8101) VUL-1: CVE-2018-8101: xpdf: The JPXStream::inverseTransformLevel function in JPXStream.cc allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file
(CVE-2018-8101)
VUL-1: CVE-2018-8101: xpdf: The JPXStream::inverseTransformLevel function in ...
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Peter Simons
Security Team bot
https://smash.suse.de/issue/201801/
CVSSv3:SUSE:CVE-2018-8101:3.3:(AV:L/...
:
Depends on:
Blocks: 1133493
  Show dependency treegraph
 
Reported: 2018-03-14 08:53 UTC by Karol Babioch
Modified: 2020-06-29 06:32 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Reproducer (219.21 KB, application/pdf)
2018-03-14 09:03 UTC, Karol Babioch 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Karol Babioch 2018-03-14 08:53:06 UTC 
CVE-2018-8101

The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00
allows attackers to launch denial of service (heap-based buffer over-read and
application crash) via a specific pdf file, as demonstrated by pdftohtml.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8101
https://forum.xpdfreader.com/viewtopic.php?f=3&t=652
Comment 1 Karol Babioch 2018-03-14 09:03:12 UTC 
Created attachment 763605 [details]
Reproducer
Comment 2 Peter Simons 2018-06-21 08:47:30 UTC 
Upstream has not responded to the bug report in their web forum. I am unaware of any fixes for these issues.
First Last Prev Next    This bug is not in your last search results.