Lucene search

Arch LinuxASA-201608-22

HistoryAug 30, 2016 - 12:00 a.m.

mupdf: arbitrary code execution

2016-08-3000:00:00

Arch Linux

lists.archlinux.org

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.044 Low

EPSS

Percentile

91.5%

JSON

Yu Hong and Zheng Jihong discovered a heap overflow vulnerability within
the pdf_load_mesh_params function, allowing an attacker to cause an
application crash (denial-of-service), or potentially to execute
arbitrary code with the privileges of the user running MuPDF, if a
specially crafted PDF file is processed.

OSVersionArchitecturePackageVersionFilename
anyanyanymupdf< 1.9a-5UNKNOWN

OS	Version	Architecture	Package	Version	Filename
any	any	any	mupdf	< 1.9a-5	UNKNOWN

References

bugs.ghostscript.com/show_bug.cgi?id=696954

git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e;hp=fa1936405b6a84e5c9bb440912c23d532772f958

security-tracker.debian.org/tracker/CVE-2016-6525

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.044 Low

EPSS

Percentile

91.5%

JSON

Related for ASA-201608-22