CVE-2018-1000037 — Improper Input Validation in Mupdf

CWE-20 — Improper Input Validation7 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 46.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Artifex Mupdf Debian Linux

Timeline

PublishedMay 24

Latest updateMay 14

Description

In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Debianartifex/mupdf< 1.13.0+ds1-1+3

▶NVDartifex/mupdf1.12.0

Also affects: Debian Linux 9.0

Patches

Patch: bugs.chromium.org ↗Patch: bugs.chromium.org ↗Patch: bugs.chromium.org ↗

🔴Vulnerability Details

GHSA

GHSA-c9gq-c7g6-cr8x: In MuPDF 1↗2022-05-14

▶

OSV

CVE-2018-1000037: In Artifex MuPDF 1↗2018-05-24

▶

CVEList

CVE-2018-1000037: In Artifex MuPDF 1↗2018-05-24

▶

📋Vendor Advisories

Debian

CVE-2018-1000037: mupdf - In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF pa...↗2018

▶

💬Community

Bugzilla

CVE-2018-1000037 mupdf: multiple reachable assertions in the PDF parser↗2018-05-24

▶

Bugzilla

CVE-2018-1000036 CVE-2018-1000037 CVE-2018-1000038 CVE-2018-1000039 CVE-2018-1000040 mupdf: various flaws [fedora-all]↗2018-05-24

▶