CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-7321

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0210%
EPSS Percentile14.67th
Published2019年6月13日
Last Modified2024年11月21日

Vulnerability Description

Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code.

Affected Platforms (CPE)

📦
Artifex

Mupdf

= 1.14.0

References & Advisories

🔗 https://bugs.ghostscript.com/show_bug.cgi?id=700560
🔗 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=2be83b57e77938fddbb06bdffb11979ad89a9c7d
🔗 https://github.com/ereisr00/bagofbugz/tree/master/MuPDF/700560
🔗 https://bugs.ghostscript.com/show_bug.cgi?id=700560
🔗 https://github.com/ereisr00/bagofbugz/tree/master/MuPDF/700560

関連する脆弱性情報

CVE-2016-65259.8

Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a den...

CVE-2011-03419.3

Stack-based buffer overflow in the pdfmoz_onmouse function in apps/mozilla/moz_main.c in the MuPDF plug-in 2008.09.02 for Firefox ...

CVE-2009-41179.3

Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before commit 20091125231942, as used in SumatraPDF before 1.0.1, a...

CVE-2017-146867.8

Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "...