CVE-2020-21896
published 2023-08-22CVE-2020-21896: A Use After Free vulnerability in svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c in Artifex Software MuPDF 1.16.0 allows remote attackers…
medium5.5CVSS 3.1
AVLACLPRNUIRSUCNINAH
A Use After Free vulnerability in svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c in Artifex Software MuPDF 1.16.0 allows remote attackers to cause a denial of service via opening of a crafted PDF file.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | mupdf | — | — |
| artifex | mupdf | >= 0 < 1.17.0+ds1-2+deb11u1 | 1.17.0+ds1-2+deb11u1 |
| artifex | mupdf | >= 0 < 1.19.0+ds1-1 | 1.19.0+ds1-1 |
| artifex | mupdf | >= 0 < 1.19.0+ds1-1 | 1.19.0+ds1-1 |
| artifex | mupdf | >= 0 < 1.19.0+ds1-1 | 1.19.0+ds1-1 |
| artifex | mupdf | >= 0 < 1.7a-1ubuntu0.1~esm1 | 1.7a-1ubuntu0.1~esm1 |
| artifex | mupdf | >= 0 < 1.12.0+ds1-1ubuntu0.1~esm1 | 1.12.0+ds1-1ubuntu0.1~esm1 |
| artifex | mupdf | >= 0 < 1.16.1+ds1-1ubuntu1+esm1 | 1.16.1+ds1-1ubuntu1+esm1 |
| debian | mupdf | < mupdf 1.19.0+ds1-1 (bookworm) | mupdf 1.19.0+ds1-1 (bookworm) |
| github.com | ethereum_go-ethereum | >= 0 < 1.9.25 | 1.9.25 |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv5.5MEDIUM