Vulnerability CVE-2018-16647: Information

Description

In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-16647
Published: Sept. 7, 2018
Modified: July 26, 2020
Error type identifier: CWE-119

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
mupdfsisyphus1.18.0-alt11.18.0-alt1ALT-PU-2020-3475-1263138Fixed
mupdfp101.18.0-alt11.18.0-alt1ALT-PU-2020-3475-1263138Fixed
mupdfp91.18.0-alt11.18.0-alt1ALT-PU-2020-3484-1263155Fixed
mupdfc10f11.18.0-alt11.18.0-alt1ALT-PU-2020-3475-1263138Fixed
mupdfp111.18.0-alt11.18.0-alt1ALT-PU-2020-3475-1263138Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugs.ghostscript.com/show_bug.cgi?id=699686
  • Exploit
  • Third Party Advisory
[debian-lts-announce] 20200725 [SECURITY] [DLA 2289-1] mupdf security update

      1. Configuration 1

        cpe:2.3:a:artifex:mupdf:1.13.0:*:*:*:*:*:*:*
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.3
    Back to top