CVE-2018-16648
published 2018-09-06CVE-2018-16648: In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted…
medium5.5CVSS 3.0
AVLACLPRNUIRSUCNINAH
In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | mupdf | — | — |
| artifex | mupdf | >= 0 < 1.14.0+ds1-4 | 1.14.0+ds1-4 |
| artifex | mupdf | >= 0 < 1.14.0+ds1-4 | 1.14.0+ds1-4 |
| artifex | mupdf | >= 0 < 1.14.0+ds1-4 | 1.14.0+ds1-4 |
| artifex | mupdf | >= 0 < 1.14.0+ds1-4 | 1.14.0+ds1-4 |
| artifex | mupdf | >= 0 < 1.7a-1ubuntu0.1~esm1 | 1.7a-1ubuntu0.1~esm1 |
| artifex | mupdf | >= 0 < 1.12.0+ds1-1ubuntu0.1~esm1 | 1.12.0+ds1-1ubuntu0.1~esm1 |
| artifex | mupdf | >= 0 < 1.16.1+ds1-1ubuntu1+esm1 | 1.16.1+ds1-1ubuntu1+esm1 |
| debian | mupdf | < mupdf 1.14.0+ds1-4 (bookworm) | mupdf 1.14.0+ds1-4 (bookworm) |
CVSS provenance
nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv5.5MEDIUM