CVE-2018-1000038
published 2018-05-24CVE-2018-1000038: In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary…
high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | mupdf | <= 1.12.0 | — |
| artifex | mupdf | >= 0 < 1.13.0+ds1-1 | 1.13.0+ds1-1 |
| artifex | mupdf | >= 0 < 1.13.0+ds1-1 | 1.13.0+ds1-1 |
| artifex | mupdf | >= 0 < 1.13.0+ds1-1 | 1.13.0+ds1-1 |
| artifex | mupdf | >= 0 < 1.13.0+ds1-1 | 1.13.0+ds1-1 |
| debian | mupdf | < mupdf 1.13.0+ds1-1 (bookworm) | mupdf 1.13.0+ds1-1 (bookworm) |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv7.8HIGH