CVE-2016-6265 — Use After Free in Mupdf

CWE-416 — Use After Free CWE-352 — Cross-Site Request Forgery9 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.5%

top 34.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Artifex Mupdf Opensuse Leap Opensuse

Timeline

PublishedSep 22

Latest updateMay 14

Description

Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶Debianartifex/mupdf< 1.9a+ds1-1.1+3

▶NVDartifex/mupdf1.9

▶NVDopensuse/leap42.1

▶NVDopensuse/opensuse13.2

Patches

Patch: bugs.ghostscript.com ↗Patch: bugs.ghostscript.com ↗

🔴Vulnerability Details

GHSA

GHSA-mqfm-r5w2-p74j: Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref↗2022-05-14

▶

OSV

CVE-2016-6265: Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref↗2016-09-22

▶

CVEList

CVE-2016-6265: Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref↗2016-09-22

▶

📋Vendor Advisories

Red Hat

python-django: CSRF protection bypass on a site with Google Analytics↗2016-09-26

▶

Debian

CVE-2016-6265: mupdf - Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in ...↗2016

▶

💬Community

Bugzilla

CVE-2016-7401 python-django: CSRF protection bypass on a site with Google Analytics↗2016-09-19

▶

Bugzilla

CVE-2016-6265 mupdf: Use after free vulnerability in pdf_xref.c [fedora-all]↗2016-07-22

▶

Bugzilla

CVE-2016-6265 mupdf: Use after free vulnerability in pdf_xref.c↗2016-07-22

▶