CyberSec.Space Logo
返回 CVE 浏览器

CVE-2017-14686

HIGH
7.8
CVSS Severity Score
EPSS Score0.0110%
EPSS Percentile14.08th
Published2017年9月22日
Last Modified2026年5月13日

Vulnerability Description

Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers.

Affected Platforms (CPE)

📦
Artifex

Mupdf

= 1.11

References & Advisories

🔗 http://git.ghostscript.com/?p=mupdf.git%3Bh=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1
🔗 http://www.debian.org/security/2017/dsa-4006
🔗 https://bugs.ghostscript.com/show_bug.cgi?id=698540
🔗 https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14686
🔗 http://git.ghostscript.com/?p=mupdf.git%3Bh=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1
🔗 http://www.debian.org/security/2017/dsa-4006
🔗 https://bugs.ghostscript.com/show_bug.cgi?id=698540
🔗 https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14686

相关漏洞威胁

CVE-2016-65259.8

Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a den...

CVE-2019-73219.8

Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability ...

CVE-2011-03419.3

Stack-based buffer overflow in the pdfmoz_onmouse function in apps/mozilla/moz_main.c in the MuPDF plug-in 2008.09.02 for Firefox ...

CVE-2009-41179.3

Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before commit 20091125231942, as used in SumatraPDF before 1.0.1, a...