Vulnerabilities > CVE-2018-18458 - NULL Pointer Dereference vulnerability in Xpdfreader Xpdf 4.00

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
xpdfreader
CWE-476

Summary

The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.

Vulnerable Configurations

Part Description Count
Application
Xpdfreader
1

Common Weakness Enumeration (CWE)