CVE-2018-11780

Name: CVE-2018-11780
Creator: NVD / NIST
Published: 2018-09-17T14:29:00.467+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 10.82%

Last modified Jun 17, 2026

CVE-2018-11780 is a vulnerability of currently unknown severity. A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.. EPSS estimates a 10.82% chance of exploitation in the next 30 days.

Description

A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.

Metrics

EPSS Probability

10.82%

95.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-94

Affected Software

Vendor	Product	Versions
Apache	Spamassassin	< 3.4.2
Pdfinfo Project	Pdfinfo	All versions
Canonical	Ubuntu Linux	12.04
Canonical	Ubuntu Linux	14.04
Canonical	Ubuntu Linux	16.04
Canonical	Ubuntu Linux	18.04
Debian	Debian Linux	8.0

References

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html
http://www.securityfocus.com/bid/105373Third Party Advisory, VDB Entry
https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E
https://lists.debian.org/debian-lts-announce/2018/11/msg00016.htmlMailing List, Third Party Advisory
https://security.gentoo.org/glsa/201812-07Third Party Advisory
https://usn.ubuntu.com/3811-1/Third Party Advisory
https://usn.ubuntu.com/3811-3/Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html
http://www.securityfocus.com/bid/105373Third Party Advisory, VDB Entry
https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E
https://lists.debian.org/debian-lts-announce/2018/11/msg00016.htmlMailing List, Third Party Advisory
https://security.gentoo.org/glsa/201812-07Third Party Advisory
https://usn.ubuntu.com/3811-1/Third Party Advisory
https://usn.ubuntu.com/3811-3/Third Party Advisory

Timeline

Published: Sep 17, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-11780?

A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.

How severe is CVE-2018-11780?

Severity scoring for CVE-2018-11780 is pending analysis. The EPSS model estimates a 10.82% probability of exploitation in the next 30 days.

How do I fix CVE-2018-11780?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-11780?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST