Search Results | AttackerKB

Show filters

Topics 26 Users 9,713

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

26 Total Results

Displaying 1-10 of 26

Attacker Value

Unknown

CVE-2018-18651

Disclosure Date: October 25, 2018 (last updated November 27, 2024)

An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file.

0

Attacker Value

Unknown

CVE-2018-18650

Disclosure Date: October 25, 2018 (last updated November 27, 2024)

An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory.

0

Attacker Value

Unknown

CVE-2018-18458

Disclosure Date: October 18, 2018 (last updated November 27, 2024)

The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.

0

Attacker Value

Unknown

CVE-2018-18455

Disclosure Date: October 18, 2018 (last updated November 27, 2024)

The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.

0

Attacker Value

Unknown

CVE-2018-18456

Disclosure Date: October 18, 2018 (last updated November 27, 2024)

The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.

0

Attacker Value

Unknown

CVE-2018-18454

Disclosure Date: October 18, 2018 (last updated November 27, 2024)

CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.

0

Attacker Value

Unknown

CVE-2018-18457

Disclosure Date: October 18, 2018 (last updated November 27, 2024)

The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.

0

Attacker Value

Unknown

CVE-2018-18459

Disclosure Date: October 18, 2018 (last updated November 27, 2024)

The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.

0

Attacker Value

Unknown

CVE-2018-16368

Disclosure Date: September 03, 2018 (last updated November 27, 2024)

SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.

0

Attacker Value

Unknown

CVE-2018-16369

Disclosure Date: September 03, 2018 (last updated November 27, 2024)

XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453.

0