Lucene search

K

14 matches found

CVE
CVE
added 2017/02/15 6:59 a.m.97 views

CVE-2017-5991

An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected.

7.5CVSS7.2AI score0.19338EPSS
CVE
CVE
added 2017/03/15 2:59 p.m.93 views

CVE-2017-6060

Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image.

7.8CVSS7.9AI score0.03291EPSS
CVE
CVE
added 2017/02/15 7:59 p.m.91 views

CVE-2017-5896

Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image.

5.5CVSS6.1AI score0.00405EPSS
CVE
CVE
added 2017/10/18 8:29 a.m.73 views

CVE-2017-15587

An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11.

7.8CVSS6.2AI score0.00236EPSS
CVE
CVE
added 2017/09/22 6:29 a.m.62 views

CVE-2017-14685

Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xps_load_links_in_glyphs in xps/...

7.8CVSS7AI score0.00212EPSS
CVE
CVE
added 2017/02/15 9:59 p.m.60 views

CVE-2016-8674

The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file.

5.5CVSS5.8AI score0.00225EPSS
CVE
CVE
added 2017/12/27 5:8 p.m.58 views

CVE-2017-17866

pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF do...

7.8CVSS6.8AI score0.00288EPSS
CVE
CVE
added 2017/09/22 6:29 a.m.55 views

CVE-2017-14687

Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name c...

7.8CVSS7AI score0.00233EPSS
CVE
CVE
added 2017/10/16 1:29 a.m.55 views

CVE-2017-15369

The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified...

7.8CVSS6.5AI score0.002EPSS
CVE
CVE
added 2017/09/22 6:29 a.m.54 views

CVE-2017-14686

Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check wh...

7.8CVSS7AI score0.00611EPSS
CVE
CVE
added 2017/03/16 2:59 p.m.53 views

CVE-2016-10246

Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.

5.5CVSS5.8AI score0.00285EPSS
CVE
CVE
added 2017/03/16 2:59 p.m.53 views

CVE-2016-10247

Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.

5.5CVSS5.5AI score0.0031EPSS
CVE
CVE
added 2017/04/03 5:59 a.m.50 views

CVE-2016-10221

The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted PDF document.

5.5CVSS5.2AI score0.00198EPSS
CVE
CVE
added 2017/03/26 5:59 a.m.48 views

CVE-2017-7264

Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document.

7.8CVSS7.9AI score0.00065EPSS