CVE-2014-2013
published 2014-03-03CVE-2014-2013: Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
EXPLOIT
Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | mupdf | <= 1.3 | — |
| artifex | mupdf | — | — |
| artifex | mupdf | — | — |
| artifex | mupdf | — | — |
| artifex | mupdf | >= 0 < 1.3-2 | 1.3-2 |
| artifex | mupdf | >= 0 < 1.3-2 | 1.3-2 |
| artifex | mupdf | >= 0 < 1.3-2 | 1.3-2 |
| artifex | mupdf | >= 0 < 1.3-2 | 1.3-2 |
| debian | mupdf | < mupdf 1.3-2 (bookworm) | mupdf 1.3-2 (bookworm) |
| eglibc | eglibc | >= 0 < 2.19-0ubuntu6.6 | 2.19-0ubuntu6.6 |
| jenkins | certain_pages_in_monitoring_plugin | — | — |
| jenkins | jenkins_core | — | — |
| jenkins | monitoring_plugin | — | — |
| jenkins | user_of_monitoring_plugin | — | — |
CVSS provenance
nvd7.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH