Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-5991: NULL Pointer Dereference in Mupdf

Severity: 7.5 HIGH (NVD)
EPSS: 17.6% (top 4.90%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Feb 15; latest update May 13

Description

An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

NVD: artifex/mupdf < 1.11
Debian: artifex/mupdf < 1.9a+ds1-4+3

Also affects: Debian Linux 8.0, 9.0

🔴 Vulnerability Details (3)

GHSA: GHSA-j28p-v5hh-q229: An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465 (2022-05-13)
OSV: CVE-2017-5991: An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465 (2017-02-15)
CVEList: CVE-2017-5991: An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465 (2017-02-15)

💥 Exploits & PoCs (1)

Exploit-DB: Artifex MuPDF - Null Pointer Dereference (2017-06-07)

📋 Vendor Advisories (1)

Debian: CVE-2017-5991: mupdf - An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3a... (2017)

💬 Community (2)

Bugzilla: CVE-2017-5991 mupdf: NULL pointer dereference in the pdf_run_xobject function [fedora-all] (2017-03-07)
Bugzilla: CVE-2017-5991 mupdf: NULL pointer dereference in the pdf_run_xobject function (2017-03-07)