CyberSec.Space Logo
Back to CVE Browser

CVE-2019-7321

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0210%
EPSS Percentile14.67th
PublishedJun 13, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code.

Affected Platforms (CPE)

πŸ“¦
Artifex

Mupdf

= 1.14.0

References & Advisories

πŸ”— https://bugs.ghostscript.com/show_bug.cgi?id=700560
πŸ”— https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=2be83b57e77938fddbb06bdffb11979ad89a9c7d
πŸ”— https://github.com/ereisr00/bagofbugz/tree/master/MuPDF/700560
πŸ”— https://bugs.ghostscript.com/show_bug.cgi?id=700560
πŸ”— https://github.com/ereisr00/bagofbugz/tree/master/MuPDF/700560

Related Vulnerabilities

CVE-2016-65259.8

Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a den...

CVE-2011-03419.3

Stack-based buffer overflow in the pdfmoz_onmouse function in apps/mozilla/moz_main.c in the MuPDF plug-in 2008.09.02 for Firefox ...

CVE-2009-41179.3

Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before commit 20091125231942, as used in SumatraPDF before 1.0.1, a...

CVE-2017-146867.8

Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "...