CyberSec.Space Logo
CVEブラウザに戻る

CVE-2016-6525

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0940%
EPSS Percentile0.74th
Published2016年9月22日
Last Modified2026年5月6日

Vulnerability Description

Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array.

Affected Platforms (CPE)

💻
Debian

Debian Linux

= 8.0
📦
Artifex

Mupdf

<= 1.9

References & Advisories

🔗 http://bugs.ghostscript.com/show_bug.cgi?id=696954
🔗 http://git.ghostscript.com/?p=mupdf.git%3Bh=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e
🔗 http://www.debian.org/security/2016/dsa-3655
🔗 http://www.openwall.com/lists/oss-security/2016/08/03/8
🔗 http://www.securityfocus.com/bid/92266
🔗 https://security.gentoo.org/glsa/201702-12
🔗 http://bugs.ghostscript.com/show_bug.cgi?id=696954
🔗 http://git.ghostscript.com/?p=mupdf.git%3Bh=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e

関連する脆弱性情報

CVE-1999-069810.0

Denial of service in IP protocol logger (ippl) on Red Hat and Debian Linux.

CVE-2026-234628.8

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HIDP: Fix possible UAF This fixes the following t...

CVE-2006-70948.5

ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bi...

CVE-2026-231717.8

In the Linux kernel, the following vulnerability has been resolved: bonding: fix use-after-free due to enslave fail after slave a...