5.5

CVE-2018-1000040

Exploit
In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ArtifexMupdf Version <= 1.12.0
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.47% 0.704
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://security.gentoo.org/glsa/201811-15
Third Party Advisory
https://www.debian.org/security/2018/dsa-4334
Third Party Advisory
http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=83d4dae44c71816c084a635550acc1a51529b881%3Bhp=f597300439e62f5e921f0d7b1e880b5c1a1f1607
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5596
Exploit
Issue Tracking
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5600
Exploit
Issue Tracking
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5603
Exploit
Issue Tracking
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5609
Patch
Third Party Advisory
Exploit
Issue Tracking
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5610
Exploit
Issue Tracking
https://bugs.ghostscript.com/show_bug.cgi?id=698904
https://bugs.ghostscript.com/show_bug.cgi?id=699086
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=ace9e69017c08e1e4ce5912014177414c0382004