Vulnerabilities > CVE-2018-18651 - Excessive Iteration vulnerability in Xpdfreader Xpdf 4.00

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

xpdfreader

CWE-834

NVD

Published: 2018-10-25

Updated: 2019-10-03

Summary

An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file.

Vulnerable Configurations

Part	Description	Count
Application	Xpdfreader Xpdfreader Xpdf 4.00	1

Common Weakness Enumeration (CWE)

CWE-834 - Excessive Iteration

References

https://forum.xpdfreader.com/viewtopic.php?f=3&t=41219&p=41747#p41747
https://exchange.xforce.ibmcloud.com/vulnerabilities/152005