CVE-2018-6192Improper Restriction of Operations within the Bounds of a Memory Buffer in Mupdf

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.4%
top 41.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Artifex MupdfDebian Linux
Timeline
PublishedJan 24
Latest updateMay 14

Description

In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Debianartifex/mupdf< 1.13.0+ds1-1+3
NVDartifex/mupdf1.12.0

Also affects: Debian Linux 9.0

🔴Vulnerability Details

3
GHSA
GHSA-frp3-7vg6-g629: In Artifex MuPDF 12022-05-14
OSV
CVE-2018-6192: In Artifex MuPDF 12018-01-24
CVEList
CVE-2018-6192: In Artifex MuPDF 12018-01-24

📋Vendor Advisories

1
Debian
CVE-2018-6192: mupdf - In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows...2018

💬Community

2
Bugzilla
CVE-2018-6192 mupdf: Segment violation in pdf_read_new_xref function in pdf/pdf-xref.c2018-01-29
Bugzilla
CVE-2018-6192 mupdf: Segment violation in pdf_read_new_xref function in pdf/pdf-xref.c [fedora-all]2018-01-29
CVE-2018-6192 — Artifex Mupdf vulnerability | cvebase