CVE-2021-37220
published 2021-07-21CVE-2021-37220: MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can…
medium5.5CVSS 3.1
AVLACLPRNUIRSUCNINAH
MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool draw" input.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | mupdf | <= 1.18.1 | — |
| artifex | mupdf | >= 0 < 1.17.0+ds1-2 | 1.17.0+ds1-2 |
| artifex | mupdf | >= 0 < 1.17.0+ds1-2 | 1.17.0+ds1-2 |
| artifex | mupdf | >= 0 < 1.17.0+ds1-2 | 1.17.0+ds1-2 |
| artifex | mupdf | >= 0 < 1.17.0+ds1-2 | 1.17.0+ds1-2 |
| artifex | mupdf | >= 0 < 1.7a-1ubuntu0.1~esm1 | 1.7a-1ubuntu0.1~esm1 |
| artifex | mupdf | >= 0 < 1.12.0+ds1-1ubuntu0.1~esm1 | 1.12.0+ds1-1ubuntu0.1~esm1 |
| artifex | mupdf | >= 0 < 1.16.1+ds1-1ubuntu1+esm1 | 1.16.1+ds1-1ubuntu1+esm1 |
| debian | mupdf | < mupdf 1.17.0+ds1-2 (bookworm) | mupdf 1.17.0+ds1-2 (bookworm) |
| fedoraproject | fedora | — | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv5.5MEDIUM