CVE-2016-10221Improper Restriction of Operations within the Bounds of a Memory Buffer in Mupdf

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 58.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Artifex Mupdf
Timeline
PublishedApr 3
Latest updateMay 17

Description

The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted PDF document.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

NVDartifex/mupdf1.10a

🔴Vulnerability Details

2
GHSA
GHSA-jwjv-fmrc-5c85: The count_entries function in pdf-layer2022-05-17
CVEList
CVE-2016-10221: The count_entries function in pdf-layer2017-04-03

📋Vendor Advisories

1
Debian
CVE-2016-10221: mupdf - The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a ...2016

💬Community

2
Bugzilla
CVE-2016-10221 mupdf: count_entries function in pdf-layer.c allows stack consumption2017-04-06
Bugzilla
CVE-2016-10221 mupdf: count_entries function in pdf-layer.c allows stack consumption [fedora-all]2017-04-06
CVE-2016-10221 — Artifex Mupdf vulnerability | cvebase