CVE-2018-20751

HIGH Year: 2018
CVSS v3 Score
8.8
High
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-476
View all →

Vulnerability Description

An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer dereference.

Related Vulnerabilities

CVE-2016-3616

HIGH
CVSS:8.8(High)

The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.

CWE-4762016

CVE-2017-0321

HIGH
CVSS:8.8(High)

All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potent...

CWE-4762017

CVE-2017-11096

HIGH
CVSS:8.8(High)

When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter() function in lib/modules/swffilter.c.

CWE-4762017

CVE-2017-11097

HIGH
CVSS:8.8(High)

When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup() function in lib/q.c.

CWE-4762017

CVE-2017-11100

HIGH
CVSS:8.8(High)

When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite() function in lib/rxfswf.c.

CWE-4762017

CVE-2017-11101

HIGH
CVSS:8.8(High)

When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocate() function in lib/modules/swftools.c.

CWE-4762017