Summaryinfo

A vulnerability classified as critical has been found in PDFGen. Affected is an unknown function of the file pdfgen.c. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2018-11363. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Detailsinfo

A vulnerability was found in PDFGen (version now known). It has been rated as critical. This issue affects some unknown processing of the file pdfgen.c. The manipulation with an unknown input leads to a memory corruption vulnerability. Using CWE to declare the problem leads to CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Impacted is confidentiality, integrity, and availability. The summary by CVE is:

jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a heap-based buffer over-read.

The bug was discovered 05/21/2018. The weakness was released 05/22/2018 (Website). The advisory is shared at github.com. The identification of this vulnerability is CVE-2018-11363 since 05/21/2018. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details are known, but no exploit is available.

Upgrading eliminates this vulnerability. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Name

• PDFGen

License

• open-source

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion