5.5

CVE-2018-18662

Exploit
There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ArtifexMupdf Version1.14.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.61% 0.727
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://lists.debian.org/debian-lts-announce/2020/07/msg00019.html
http://www.securityfocus.com/bid/105755
Third Party Advisory
VDB Entry
https://bugs.ghostscript.com/show_bug.cgi?id=700043
Third Party Advisory
Exploit
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=164ddc22ee0d5b63a81d5148f44c37dd132a9356
https://github.com/TeamSeri0us/pocs/tree/master/mupdf
Third Party Advisory
Exploit