Artifex Mupdf vulnerabilities
65 known vulnerabilities affecting artifex/mupdf.
Total CVEs: 65
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 27, MEDIUM 35
Vulnerabilities
Page 3 of 4
CVE-2018-10289 | MEDIUM | CVSS 5.5 | v1.13.0 | 2018-04-22 | CWE-835
In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file.
nvd, osv

CVE-2018-1000051 | HIGH | CVSS 7.8 | v1.12.0 | 2018-02-09 | CWE-416
Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DoS / possible code execution. This attack appears to be exploitable when a victim opens a specially crafted PDF.
nvd, osv

CVE-2018-6544 | MEDIUM | CVSS 5.5 | v1.12.0 | 2018-02-02 | CWE-674
pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document.
nvd, osv

CVE-2018-6187 | MEDIUM | CVSS 5.5 | v1.12.0 | 2018-01-24 | CWE-787
In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file.
nvd, osv

CVE-2018-6192 | MEDIUM | CVSS 5.5 | v1.12.0 | 2018-01-24 | CWE-119
In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file.
nvd, osv

CVE-2017-17858 | HIGH | CVSS 7.8 | v1.12.0 | 2018-01-22 | CWE-119
Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted.
nvd, osv

CVE-2018-5686 | MEDIUM | CVSS 5.5 | v1.12.0 | 2018-01-14 | CWE-835
In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.
nvd, osv

CVE-2017-17866 | HIGH | CVSS 7.8 | fixed in 1.12.0 | 2017-12-27 | CWE-119
pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document.
nvd, osv

CVE-2017-15587 | HIGH | CVSS 7.8 | v1.11 | 2017-10-18 | CWE-190
An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11.
nvd, osv

CVE-2017-15369 | HIGH | CVSS 7.8 | ≤ 1.11 | 2017-10-16 | CWE-416
The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document.
nvd

CVE-2017-14685 | HIGH | CVSS 7.8 | v1.11 | 2017-09-22 | CWE-119
Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xps_load_links_in_glyphs in xps/xps-link.c does not verify that an xps font could be lo
nvd, osv

CVE-2017-14687 | HIGH | CVSS 7.8 | v1.11 | 2017-09-22 | CWE-119
Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name comparisons.
nvd, osv

CVE-2017-14686 | HIGH | CVSS 7.8 | v1.11 | 2017-09-22 | CWE-119
Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers.
nvd, osv

CVE-2016-10221 | MEDIUM | CVSS 4.3 | v1.10a | 2017-04-03 | CWE-119
The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted PDF document.
nvd

CVE-2017-7264 | MEDIUM | CVSS 5.3 | v1.10a | 2017-03-26 | CWE-416
Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document.
nvd, osv

CVE-2016-10247 | MEDIUM | CVSS 5.5 | ≤ 1.10 | 2017-03-16 | CWE-787
Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
nvd, osv

CVE-2016-10246 | MEDIUM | CVSS 5.5 | ≤ 1.10 | 2017-03-16 | CWE-787
Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
nvd, osv

CVE-2017-6060 | HIGH | CVSS 7.8 | PoC | v1.10a | 2017-03-15 | CWE-787
Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image.
nvd, osv

CVE-2017-5991 | HIGH | CVSS 7.5 | PoC | fixed in 1.11 | 2017-02-15 | CWE-476
An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected.
nvd, osv

CVE-2017-5896 | MEDIUM | CVSS 5.5 | ≤ 1.10 | 2017-02-15 | CWE-125
Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image.
nvd, osv