5.5
CVE-2018-1000037
- EPSS 1.55%
- Veröffentlicht 24.05.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 03:39:29
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.55% | 0.719 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://security.gentoo.org/glsa/201811-15
https://www.debian.org/security/2018/dsa-4334
http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=71ceebcf56e682504da22c4035b39a2d451e8ffd%3Bhp=7f82c01523505052615492f8e220f4348ba46995
http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=8a3257b01faa899dd9b5e35c6bb3403cd709c371%3Bhp=de39f005f12a1afc6973c1f5cec362d6545f70cb
http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=b2e7d38e845c7d4922d05e6e41f3a2dc1bc1b14a%3Bhp=f51836b9732c38d945b87fda0770009a77ba680c
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5490
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5501
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5503
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5511
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5564
https://bugs.ghostscript.com/show_bug.cgi?id=698882
https://bugs.ghostscript.com/show_bug.cgi?id=698886
https://bugs.ghostscript.com/show_bug.cgi?id=698888
https://bugs.ghostscript.com/show_bug.cgi?id=698890