CVE-2018-10289
published 2018-04-22CVE-2018-10289: In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to…
medium5.5CVSS 3.1
AVLACLPRNUIRSUCNINAH
In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | mupdf | — | — |
| artifex | mupdf | >= 0 < 1.13.0+ds1-3 | 1.13.0+ds1-3 |
| artifex | mupdf | >= 0 < 1.13.0+ds1-3 | 1.13.0+ds1-3 |
| artifex | mupdf | >= 0 < 1.13.0+ds1-3 | 1.13.0+ds1-3 |
| artifex | mupdf | >= 0 < 1.13.0+ds1-3 | 1.13.0+ds1-3 |
| artifex | mupdf | >= 0 < 1.7a-1ubuntu0.1~esm1 | 1.7a-1ubuntu0.1~esm1 |
| artifex | mupdf | >= 0 < 1.12.0+ds1-1ubuntu0.1~esm1 | 1.12.0+ds1-1ubuntu0.1~esm1 |
| artifex | mupdf | >= 0 < 1.16.1+ds1-1ubuntu1+esm1 | 1.16.1+ds1-1ubuntu1+esm1 |
| debian | debian_linux | — | — |
| debian | mupdf | < mupdf 1.13.0+ds1-3 (bookworm) | mupdf 1.13.0+ds1-3 (bookworm) |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv5.5MEDIUM