CVE-2018-1000039
published 2018-05-24CVE-2018-1000039: In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or…
medium6.3CVSS 3.1
AVNACLPRLUINSUCLILAL
In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | mupdf | <= 1.12.0 | — |
| artifex | mupdf | >= 0 < 1.13.0+ds1-1 | 1.13.0+ds1-1 |
| artifex | mupdf | >= 0 < 1.13.0+ds1-1 | 1.13.0+ds1-1 |
| artifex | mupdf | >= 0 < 1.13.0+ds1-1 | 1.13.0+ds1-1 |
| artifex | mupdf | >= 0 < 1.13.0+ds1-1 | 1.13.0+ds1-1 |
| debian | mupdf | < mupdf 1.13.0+ds1-1 (bookworm) | mupdf 1.13.0+ds1-1 (bookworm) |
CVSS provenance
nvdv3.16.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
osv6.3MEDIUM