Veracode Vulnerability DatabaseVERACODE:28433Denial Of Service (DoS)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
mupdf is vulnerable to denial of service. A NULL pointer dereference in the pdf_run_xobject function in pdf-op-run.c during a Fitz fz_paint_pixmap_with_mask painting operation allows an attacker to crash the application.
| CPE | Name | Operator | Version |
|---|---|---|---|
| mupdf:stretch | eq | 1.9a+ds1-4+deb9u4 | |
| mupdf:stretch | eq | 1.9a+ds1-4+deb9u4 |
References
git.ghostscript.com/?p=mupdf.git;h=1912de5f08e90af1d9d0a9791f58ba3afdb9d465
www.debian.org/security/2017/dsa-3797
www.securityfocus.com/bid/96213
bugs.ghostscript.com/show_bug.cgi?id=697500
security-tracker.debian.org/tracker/CVE-2017-5991
security.gentoo.org/glsa/201706-08
www.exploit-db.com/exploits/42138/
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P