CVE-2017-17858Improper Restriction of Operations within the Bounds of a Memory Buffer in Mupdf

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources
Severity
7.8HIGHNVD
EPSS
5.1%
top 10.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Artifex Mupdf
Timeline
PublishedJan 22
Latest updateMay 14

Description

Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

Alpineartifex/mupdf< 1.13-r0+4
NVDartifex/mupdf1.12.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-fh5j-8x7v-7wjq: Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref2022-05-14
CVEList
CVE-2017-17858: Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref2018-01-22
OSV
CVE-2017-17858: Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref2018-01-22

📋Vendor Advisories

1
Debian
CVE-2017-17858: mupdf - Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c i...2017

💬Community

2
Bugzilla
CVE-2017-17858 mupdf: Heap-based buffer overflow in pdf/pdf-xref.c:ensure_solid_xref() could allow an attacker to execute arbitrary code via a crafted PDF file [fedora-all]2018-01-24
Bugzilla
CVE-2017-17858 mupdf: Heap-based buffer overflow in pdf/pdf-xref.c:ensure_solid_xref() could allow an attacker to execute arbitrary code via a crafted PDF file2018-01-24
CVE-2017-17858 — Artifex Mupdf vulnerability | cvebase