CVE-2018-11780

Published: Sep 17, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.

Affected (7)

Products: Apache: Spamassassin · Pdfinfo Project: Pdfinfo · Canonical: Ubuntu Linux · +1 more

Show all products

Apache: Spamassassin · Pdfinfo Project: Pdfinfo · Canonical: Ubuntu Linux · Debian: Debian Linux

1 product

Pdfinfo Project

1 product

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apache Spamassassin	Before 3.4.2
Pdfinfo Project Pdfinfo	All versions

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Debian Debian Linux	Version 8.0

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (14)

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html

Source: security@apache.org

http://www.securityfocus.com/bid/105373

Source: security@apache.org

Third Party AdvisoryVDB Entry

https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E

Source: security@apache.org

https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html

Source: security@apache.org

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/201812-07

Source: security@apache.org

Third Party Advisory

https://usn.ubuntu.com/3811-1/

Source: security@apache.org

Third Party Advisory

https://usn.ubuntu.com/3811-3/

Source: security@apache.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/105373

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/201812-07

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/3811-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/3811-3/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.