CVE-2018-1000040 — Improper Input Validation in Mupdf

CWE-20 — Improper Input Validation7 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 50.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Artifex Mupdf Debian Linux

Timeline

PublishedMay 24

Latest updateMay 14

Description

In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Debianartifex/mupdf< 1.13.0+ds1-1+3

▶NVDartifex/mupdf1.12.0

Also affects: Debian Linux 9.0

Patches

Patch: bugs.chromium.org ↗Patch: bugs.chromium.org ↗

🔴Vulnerability Details

GHSA

GHSA-c4gp-6356-63vc: In MuPDF 1↗2022-05-14

▶

CVEList

CVE-2018-1000040: In Artifex MuPDF 1↗2018-05-24

▶

OSV

CVE-2018-1000040: In Artifex MuPDF 1↗2018-05-24

▶

📋Vendor Advisories

Debian

CVE-2018-1000040: mupdf - In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in...↗2018

▶

💬Community

Bugzilla

CVE-2018-1000040 mupdf: Improper Initialization of values in the PDF parser↗2018-05-24

▶

Bugzilla

CVE-2018-1000036 CVE-2018-1000037 CVE-2018-1000038 CVE-2018-1000039 CVE-2018-1000040 mupdf: various flaws [fedora-all]↗2018-05-24

▶