7.8

CVE-2017-6060

Exploit
Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ArtifexMupdf Version1.10a
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.8% 0.932
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://security.gentoo.org/glsa/201706-08
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/02/18/1
Third Party Advisory
Exploit
Mailing List
http://www.securityfocus.com/bid/96266
Broken Link
https://blogs.gentoo.org/ago/2017/02/17/mupdf-mujstest-stack-based-buffer-overflow-in-main-jstest_main-c/
Third Party Advisory
Exploit
VDB Entry
Issue Tracking
https://bugs.ghostscript.com/show_bug.cgi?id=697551
Third Party Advisory
Exploit
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=06a012a42c9884e3cd653e7826cff1ddec04eb6e
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=e089b2e2c1d38c5696c7dfd741e21f8f3ef22b14
https://lists.debian.org/debian-lts-announce/2021/09/msg00013.html
Third Party Advisory
Mailing List