CVE-2019-14975Out-of-bounds Read in Mupdf

CWE-125Out-of-bounds Read7 documents5 sources
Severity
7.1HIGHNVD
EPSS
0.2%
top 55.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Artifex Mupdf
Timeline
PublishedAug 14
Latest updateMay 24

Description

Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages1 packages

NVDartifex/mupdf< 1.16.0

🔴Vulnerability Details

2
GHSA
GHSA-hw8w-v2vr-wp7m: Artifex MuPDF before 12022-05-24
CVEList
CVE-2019-14975: Artifex MuPDF before 12019-08-14

📋Vendor Advisories

1
Debian
CVE-2019-14975: mupdf - Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune i...2019

💬Community

3
Bugzilla
CVE-2019-14975 mupdf: a heap-based buffer over-read in fz_chartorune in fitz/string.c could lead to Information Disclosure and/or DoS2019-11-08
Bugzilla
CVE-2019-14975 mupdf: a heap-based buffer over-read in fz_chartorune in fitz/string.c could lead to Information Disclosure and/or DoS [fedora-29]2019-11-08
Bugzilla
CVE-2019-14975 mupdf: a heap-based buffer over-read in fz_chartorune in fitz/string.c could lead to Information Disclosure and/or DoS [fedora-30]2019-11-08
CVE-2019-14975 — Out-of-bounds Read in Artifex Mupdf | cvebase