CVE-2019-13290
published 2019-07-04CVE-2019-13290: Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to execute arbitrary…
high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file. This occurs with a large BDC property name that overflows the allocated size of a display list node.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | mupdf | — | — |
| artifex | mupdf | >= 0 < 1.15.0+ds1-1 | 1.15.0+ds1-1 |
| artifex | mupdf | >= 0 < 1.15.0+ds1-1 | 1.15.0+ds1-1 |
| artifex | mupdf | >= 0 < 1.15.0+ds1-1 | 1.15.0+ds1-1 |
| artifex | mupdf | >= 0 < 1.15.0+ds1-1 | 1.15.0+ds1-1 |
| debian | mupdf | < mupdf 1.15.0+ds1-1 (bookworm) | mupdf 1.15.0+ds1-1 (bookworm) |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv7.8HIGH