CVE-2020-26519

Published: Oct 2, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service.

Affected (5)

Products: Artifex: Mupdf · Debian: Debian Linux · Fedoraproject: Fedora

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Artifex Mupdf	Before 1.18.0

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 9.0

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 32
Fedoraproject Fedora	Version 33

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (14)

http://git.ghostscript.com/?p=mupdf.git%3Ba=commit%3Bh=af1e390a2c7abceb32676ec684cd1dbb92907ce8

Source: cve@mitre.org

https://bugs.ghostscript.com/show_bug.cgi?id=702937

Source: cve@mitre.org

Permissions RequiredThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/03/msg00012.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SOF4PX2A5TGKKPMXINADSOJJ4H5UUMKK/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJMBKWVY7ZBIQV3EU5YHEFH5XWV4PABG/

Source: cve@mitre.org

https://security.gentoo.org/glsa/202105-30

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2020/dsa-4794

Source: cve@mitre.org

Third Party Advisory

http://git.ghostscript.com/?p=mupdf.git%3Ba=commit%3Bh=af1e390a2c7abceb32676ec684cd1dbb92907ce8