CVE-2016-8729: Improper Restriction of Operations within the Bounds of a Memory Buffer in Software INC Mupdf

Severity: 7.8 HIGH (NVD)
EPSS: 0.5% (top 32.66%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline:
Published: Apr 24
Latest update: May 13

Description

An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset, resulting in memory corruption and potential code execution. An attacker can craft such a PDF and send it to the victim to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

Debian: artifex/jbig2dec < 0.13-4+3
NVD: artifex/mupdf 1.9
CVEListV5: artifex_software_inc/mupdf 1.10 RC2, 1.9+1

🔴 Vulnerability Details (3)

GHSA: GHSA-2cj5-5xv9-px48: An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1 (2022-05-13)
CVEList: CVE-2016-8729: An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1 (2018-04-24)
OSV: CVE-2016-8729: An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1 (2018-04-24)

📋 Vendor Advisories (1)

Debian: CVE-2016-8729: jbig2dec - An exploitable memory corruption vulnerability exists in the JBIG2 parser of Art... (2016)

💬 Community (2)

Bugzilla: CVE-2016-8728 CVE-2016-8729 mupdf: Multiple vulnerabilities (2017-05-19)
Bugzilla: CVE-2016-8728 CVE-2016-8729 mupdf: Multiple vulnerabilities [fedora-all] (2017-05-19)
CVE-2016-8729 — Software INC Mupdf vulnerability | cvebase