Launchpad.net

CVE 2018-11780

A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.

See the CVE page on Mitre.org for more details.