Memory corruption

An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send to the victim to...

CVE-2016-8729

An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send to the victim to...

CVE-2016-8729

CVE-2016-8729 is an exploitable memory corruption in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative value to be passed to memset, leading to memory corruption and potential code execution. The issue is documented across multiple sources (NVD, Debian Ubuntu OSV...

CVE-2016-8728

An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause a out of bounds write resulting in heap metadata and sensitive process memory corruption leading to potential code execution. Victim needs ...

CVE-2016-8729

An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send to the victim to...

CVE-2016-8728

The CVE-2016-8728 entry relates to Artifex MuPDF’s Fitz library, where a heap out-of-bounds write in the Fitz graphical code can be triggered by opening a specially crafted PDF in a vulnerable MuPDF reader, leading to heap metadata corruption and potential code execution. Public documents confirm...

Artifex Software MuPDF Denial of Service Vulnerability

Artifex Software MuPDF is a free, lightweight PDF reader from Artifex Software, USA. A security vulnerability exists in the 'fzskipspace' function in the pdf/pdf-xref.c file in Artifex Software MuPDF version 1.13.0. A remote attacker can exploit this vulnerability to cause a denial of service wit...

CVE-2018-10289

In MuPDF 1.13.0, there is an infinite loop in the fzskipspace function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file...

CVE-2018-10289

In MuPDF 1.13.0, there is an infinite loop in the fzskipspace function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file...

Design/Logic Flaw

In MuPDF 1.13.0, there is an infinite loop in the fzskipspace function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file...

DEBIAN-CVE-2018-10289

In MuPDF 1.13.0, there is an infinite loop in the fzskipspace function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file...

CVE-2018-10289

In MuPDF 1.13.0, there is an infinite loop in the fzskipspace function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file...

UBUNTU-CVE-2018-10289

In MuPDF 1.13.0, there is an infinite loop in the fzskipspace function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file...

CVE-2018-10289

In MuPDF 1.13.0, there is an infinite loop in the fzskipspace function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file...

CVE-2018-10289

MuPDF 1.13.0 is affected by an infinite loop in fz_skip_space (pdf/pdf-xref.c) that can be exploited by a crafted PDF to cause a denial of service. Connected advisories confirm this CVE (CVE-2018-10289) and note mitigations/upgrades. Debian DLA-2765 states the fix is in mupdf 1.14.0+ds1-4+deb9u1;...

CVE-2018-10289

In MuPDF 1.13.0, there is an infinite loop in the fzskipspace function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file...

PT-2018-9803 · Artifex +1 · Mupdf +1

Name of the Vulnerable Software and Affected Versions: MuPDF version 1.13.0 Description: The issue is related to an infinite loop in the fz skip space function of the pdf/pdf-xref.c file. This could allow a remote adversary to cause a denial of service via a crafted pdf file. Recommendations: For...

mupdf/pdf_fuzzer: Heap-use-after-free in fz_drop_imp

Project: git://git.ghostscript.com/mupdf.git Detailed report: https://oss-fuzz.com/testcase?key=5782684270854144 Project: mupdf Fuzzer: aflmupdfpdffuzzer Fuzz target binary: pdffuzzer Job Type: aflasanmupdf Platform Id: linux Crash Type: Heap-use-after-free READ 4 Crash Address: 0x6080000005a0...

mupdf/pdf_fuzzer: Use-of-uninitialized-value in fz_drop_imp

Project: git://git.ghostscript.com/mupdf.git Detailed report: https://oss-fuzz.com/testcase?key=5667955980369920 Project: mupdf Fuzzer: libFuzzermupdfpdffuzzer Fuzz target binary: pdffuzzer Job Type: libfuzzermsanmupdf Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash...

Debian DSA-4152-1 : mupdf - security update

Two vulnerabilities were discovered in MuPDF, a PDF, XPS, and e-book viewer, which may result in denial of service or remote code execution. An attacker can craft a PDF document which, when opened in the victim host, might consume vast amounts of memory, crash the program, or, in some cases,...