cbcvebase.
CVE-2018-16647
published 2018-09-06

CVE-2018-16647: In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in…

medium5.5CVSS 3.0
AVLACLPRNUIRSUCNINAH
In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file.

Affected

9 ranges
VendorProductVersion rangeFixed in
artifexmupdf
artifexmupdf>= 0 < 1.14.0+ds1-41.14.0+ds1-4
artifexmupdf>= 0 < 1.14.0+ds1-41.14.0+ds1-4
artifexmupdf>= 0 < 1.14.0+ds1-41.14.0+ds1-4
artifexmupdf>= 0 < 1.14.0+ds1-41.14.0+ds1-4
artifexmupdf>= 0 < 1.7a-1ubuntu0.1~esm11.7a-1ubuntu0.1~esm1
artifexmupdf>= 0 < 1.12.0+ds1-1ubuntu0.1~esm11.12.0+ds1-1ubuntu0.1~esm1
artifexmupdf>= 0 < 1.16.1+ds1-1ubuntu1+esm11.16.1+ds1-1ubuntu1+esm1
debianmupdf< mupdf 1.14.0+ds1-4 (bookworm)mupdf 1.14.0+ds1-4 (bookworm)

CVSS provenance

nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv5.5MEDIUM