First Last Prev Next    This bug is not in your last search results.
Bug 1085244 - (CVE-2018-8102) VUL-1: CVE-2018-8102: xpdf: The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc allows attackers to launch denial of service (buffer over-read and application crash) via a specific pdf file
(CVE-2018-8102)
VUL-1: CVE-2018-8102: xpdf: The JBIG2MMRDecoder::getBlackCode function in JBI...
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Peter Simons
Security Team bot
https://smash.suse.de/issue/201802/
CVSSv3:SUSE:CVE-2018-8102:3.3:(AV:L/...
:
Depends on:
Blocks: 1133493
  Show dependency treegraph
 
Reported: 2018-03-14 08:54 UTC by Karol Babioch
Modified: 2020-06-29 06:33 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Reproducer (173.80 KB, application/pdf)
2018-03-14 09:03 UTC, Karol Babioch 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Karol Babioch 2018-03-14 08:54:58 UTC 
CVE-2018-8102

The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows
attackers to launch denial of service (buffer over-read and application crash)
via a specific pdf file, as demonstrated by pdftohtml.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8102
https://forum.xpdfreader.com/viewtopic.php?f=3&t=652
Comment 1 Karol Babioch 2018-03-14 09:03:43 UTC 
Created attachment 763606 [details]
Reproducer
Comment 2 Peter Simons 2018-06-21 08:47:50 UTC 
Upstream has not responded to the bug report in their web forum. I am unaware of any fixes for these issues.
First Last Prev Next    This bug is not in your last search results.