The DCTStream::getBlock function in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF file, as demonstrated by pdftoppm.
https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217
https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18459
Vulnerability: CVE-2018-18459
