cbcvebase.
CVE-2016-6525
published 2016-09-22

CVE-2016-6525: Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or…

critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array.

Affected

7 ranges
VendorProductVersion rangeFixed in
artifexmupdf<= 1.9
artifexmupdf>= 0 < 1.9a+ds1-1.21.9a+ds1-1.2
artifexmupdf>= 0 < 1.9a+ds1-1.21.9a+ds1-1.2
artifexmupdf>= 0 < 1.9a+ds1-1.21.9a+ds1-1.2
artifexmupdf>= 0 < 1.9a+ds1-1.21.9a+ds1-1.2
debiandebian_linux
debianmupdf< mupdf 1.9a+ds1-1.2 (bookworm)mupdf 1.9a+ds1-1.2 (bookworm)

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL