CVE-2016-10221

Published: Apr 3, 2017Modified: May 13, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted PDF document.

Affected (1)

Products: Artifex: Mupdf

Artifex

1 product

Mupdf

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Artifex Mupdf	Version 1.10a

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (5)

http://www.ghostscript.com/cgi-bin/findgit.cgi?2590fed7a355a421f062ebd4293df892800fa7ac

Source: cve@mitre.org

https://bugs.ghostscript.com/show_bug.cgi?id=697400

Source: cve@mitre.org

ExploitIssue Tracking

https://security.gentoo.org/glsa/201706-08

Source: cve@mitre.org

https://bugs.ghostscript.com/show_bug.cgi?id=697400

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue Tracking

https://security.gentoo.org/glsa/201706-08

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.