CVE-2018-11780 – Gentoo Linux Security Advisory 201812-07

https://notcve.org/view.php?id=CVE-2018-11780

17 Sep 2018 — A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2. Existe un error potencial de ejecución remota de código en el plugin PDFInfo en Apache SpamAssassin en versiones anteriores a la 3.4.2. It was discovered that SpamAssassin incorrectly handled certain unclosed tags in emails. A remote attacker could possibly use this issue to cause a denial of service. It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •