CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-1000051

HIGH
7.8
CVSS Severity Score
EPSS Score0.0290%
EPSS Percentile8.62th
Published2018年2月9日
Last Modified2024年11月21日

Vulnerability Description

Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF.

Affected Platforms (CPE)

📦
Artifex

Mupdf

= 1.12.0
💻
Debian

Debian Linux

= 8.0
💻
Debian

Debian Linux

= 9.0

References & Advisories

🔗 https://bugs.ghostscript.com/show_bug.cgi?id=698825
🔗 https://bugs.ghostscript.com/show_bug.cgi?id=698873
🔗 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=321ba1de287016b0036bf4a56ce774ad11763384
🔗 https://security.gentoo.org/glsa/201811-15
🔗 https://www.debian.org/security/2018/dsa-4152
🔗 https://bugs.ghostscript.com/show_bug.cgi?id=698825
🔗 https://bugs.ghostscript.com/show_bug.cgi?id=698873
🔗 https://security.gentoo.org/glsa/201811-15

相关漏洞威胁

CVE-2016-65259.8

Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a den...

CVE-2019-73219.8

Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability ...

CVE-2011-03419.3

Stack-based buffer overflow in the pdfmoz_onmouse function in apps/mozilla/moz_main.c in the MuPDF plug-in 2008.09.02 for Firefox ...

CVE-2009-41179.3

Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before commit 20091125231942, as used in SumatraPDF before 1.0.1, a...