CVE-2020-19609Out-of-bounds Write in Mupdf

CWE-787Out-of-bounds Write5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.3%
top 45.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Artifex MupdfDebian Linux
Timeline
PublishedJul 21
Latest updateMay 24

Description

Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDartifex/mupdf< 1.18.0
Debianartifex/mupdf< 1.17.0+ds1-2+3

Also affects: Debian Linux 9.0

Patches

Patch: bugs.ghostscript.comPatch: bugs.ghostscript.com

🔴Vulnerability Details

3
GHSA
GHSA-r2v7-h6q9-p4m3: Artifex MuPDF before 12022-05-24
CVEList
CVE-2020-19609: Artifex MuPDF before 12021-07-21
OSV
CVE-2020-19609: Artifex MuPDF before 12021-07-21

📋Vendor Advisories

1
Debian
CVE-2020-19609: mupdf - Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_co...2020
CVE-2020-19609 — Out-of-bounds Write in Artifex Mupdf | cvebase