CVE-2018-16648

Published: Sep 6, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow.

Affected (1)

Products: Artifex: Mupdf

Artifex

1 product

Mupdf

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Artifex Mupdf	Version 1.13.0

Related CWEs

CWE-129

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (5)

https://bugs.ghostscript.com/show_bug.cgi?id=699685

Source: cve@mitre.org

ExploitThird Party Advisory

https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=38f883fe129a5e89306252a4676eaaf4bc968824

Source: cve@mitre.org

https://lists.debian.org/debian-lts-announce/2020/07/msg00019.html

Source: cve@mitre.org

https://bugs.ghostscript.com/show_bug.cgi?id=699685

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/07/msg00019.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.