CyberSec.Space Logo
Back to CVE Browser

CVE-2018-11780

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1420%
EPSS Percentile31.04th
PublishedSep 17, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.

Affected Platforms (CPE)

πŸ“¦
Apache

Spamassassin

< 3.4.2
πŸ“¦
Pdfinfo Project

Pdfinfo

All versions
πŸ’»
Canonical

Ubuntu Linux

= 12.04
πŸ’»
Canonical

Ubuntu Linux

= 14.04
πŸ’»
Canonical

Ubuntu Linux

= 16.04
πŸ’»
Canonical

Ubuntu Linux

= 18.04
πŸ’»
Debian

Debian Linux

= 8.0

References & Advisories

πŸ”— http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html
πŸ”— http://www.securityfocus.com/bid/105373
πŸ”— https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E
πŸ”— https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html
πŸ”— https://security.gentoo.org/glsa/201812-07
πŸ”— https://usn.ubuntu.com/3811-1/
πŸ”— https://usn.ubuntu.com/3811-3/
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html

Related Vulnerabilities

CVE-2020-19469.8

In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any...

CVE-2010-11329.3

The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote a...

CVE-2020-19318.1

A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration (.cf) files c...

CVE-2020-19308.1

A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious rule configuration (.cf) fi...