CVE-2018-16368

Severity CVSS v4.0:
Pending analysis
Type:
CWE-125 Out-of-bounds Read
Publication date:
03/09/2018
Last modified:
03/10/2019

Description

SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:xpdfreader:xpdf:4.00:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools