CVEブラウザに戻る

CVE-2012-5340

HIGH

7.8

CVSS Severity Score

EPSS Score0.1330%

EPSS Percentile23.78th

Published2020年1月23日

Last Modified2024年11月21日

Vulnerability Description

SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file.

Affected Platforms (CPE)

📦

Sumatrapdfreader

Sumatrapdf

= 2.1.1

📦

Artifex

Mupdf

= 1.0

📦

Artifex

Mupdf

= 1.1

References & Advisories

🔗 http://www.exploit-db.com/exploits/23246

🔗 https://bugs.ghostscript.com/show_bug.cgi?id=693371

🔗 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=f919270b6a732ff45c3ba2d0c105e2b39e9c9bc9

🔗 http://www.exploit-db.com/exploits/23246

関連する脆弱性情報

CVE-2009-41179.3

Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before commit 20091125231942, as used in SumatraPDF before 1.0.1, a...

CVE-2012-48959.3

Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, ...

CVE-2012-48969.3

Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, ...

CVE-2013-28307.8

Use-after-free vulnerability in SumatraPDF Reader 2.x before 2.2.1 allows remote attackers to execute arbitrary code via a crafted...