CyberSec.Space Logo
Back to CVE Browser

CVE-2018-1000051

HIGH
7.8
CVSS Severity Score
EPSS Score0.0290%
EPSS Percentile8.62th
PublishedFeb 9, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF.

Affected Platforms (CPE)

πŸ“¦
Artifex

Mupdf

= 1.12.0
πŸ’»
Debian

Debian Linux

= 8.0
πŸ’»
Debian

Debian Linux

= 9.0

References & Advisories

πŸ”— https://bugs.ghostscript.com/show_bug.cgi?id=698825
πŸ”— https://bugs.ghostscript.com/show_bug.cgi?id=698873
πŸ”— https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=321ba1de287016b0036bf4a56ce774ad11763384
πŸ”— https://security.gentoo.org/glsa/201811-15
πŸ”— https://www.debian.org/security/2018/dsa-4152
πŸ”— https://bugs.ghostscript.com/show_bug.cgi?id=698825
πŸ”— https://bugs.ghostscript.com/show_bug.cgi?id=698873
πŸ”— https://security.gentoo.org/glsa/201811-15

Related Vulnerabilities

CVE-2016-65259.8

Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a den...

CVE-2019-73219.8

Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability ...

CVE-2011-03419.3

Stack-based buffer overflow in the pdfmoz_onmouse function in apps/mozilla/moz_main.c in the MuPDF plug-in 2008.09.02 for Firefox ...

CVE-2009-41179.3

Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before commit 20091125231942, as used in SumatraPDF before 1.0.1, a...

CVE-2018-1000051 Detail & Impact Analysis | CVSS 7.8 (HIGH) | Cyber-Sec.Space | Cyber-Sec.Space