CVE-2016-8728 — Out-of-bounds Write in Software INC Mupdf

CWE-787 — Out-of-bounds Write6 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.6%

top 30.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Artifex Software INC Mupdf Artifex Mupdf

Timeline

PublishedApr 24

Latest updateMay 13

Description

An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause a out of bounds write resulting in heap metadata and sensitive process memory corruption leading to potential code execution. Victim needs to open the specially crafted file in a vulnerable reader in order to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDartifex/mupdf1.10

▶CVEListV5artifex_software_inc/mupdf1.10-rc1

🔴Vulnerability Details

GHSA

GHSA-88g7-mv6v-2x85: An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer↗2022-05-13

▶

CVEList

CVE-2016-8728: An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer↗2018-04-24

▶

📋Vendor Advisories

Debian

CVE-2016-8728: mupdf - An exploitable heap out of bounds write vulnerability exists in the Fitz graphic...↗2016

▶

💬Community

Bugzilla

CVE-2016-8728 CVE-2016-8729 mupdf: Multiple vulnerabilities↗2017-05-19

▶

Bugzilla

CVE-2016-8728 CVE-2016-8729 mupdf: Multiple vulnerabilities [fedora-all]↗2017-05-19

▶