Fluid Attacks Database

Description

The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 12	xpdf	=3.04+git20220601-1 \|\| =3.04+git20231213-1 \|\| =3.04+git20240118-1 \|\| =3.04+git20240124-1 \|\| =3.04+git20240202-1 \|\| =3.04+git20240613-1 \|\| =3.04+git20250103-1 \|\| =3.04+git20250304-1 \|\| =3.04+git20260220-1
debian 11	xpdf	=3.04+git20210103-3 \|\| =3.04+git20211001-1 \|\| =3.04+git20211021-1 \|\| =3.04+git20220201-1 \|\| =3.04+git20220601-1 \|\| =3.04+git20231213-1 \|\| =3.04+git20240118-1 \|\| =3.04+git20240124-1 \|\| =3.04+git20240202-1 \|\| =3.04+git20240613-1 \|\| =3.04+git20250103-1 \|\| =3.04+git20250304-1 \|\| =3.04+git20260220-1
debian 14	xpdf	=3.04+git20250304-1 \|\| =3.04+git20260220-1
debian 13	xpdf	=3.04+git20250304-1 \|\| =3.04+git20260220-1

Aliases

1. CVE-2018-110332. NVD-2018-110333. OSV-DEBIAN-2018-110334. OSV-2018-110335. SECURITY-TRACKER-CVE-2018-11033

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.