CVE-2018-17141

9.8CRITICAL

Key Information

Vendor: Debian
Status: Debian Linux
Vendor: CVE Published:; 21 September 2018

Summary

HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file.

References

https://lists.debian.org/debian-lts-announce/2018/09/msg0...

mailing-listx_refsource_MLIST

https://seclists.org/bugtraq/2018/Sep/49

mailing-listx_refsource_BUGTRAQ

http://git.hylafax.org/HylaFAX?a=commit%3Bh=c6cac8d8cd0db...

x_refsource_CONFIRM

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 21, 2018
Vulnerability Reserved
Sep 17, 2018

Collectors

NVD DatabaseMitre Database