Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2017-14686  

Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers.

Source
Severity High

Remote No

Type Arbitrary code execution

Description 

Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers.

AVG-476 zathura-pdf-mupdf 0.3.1-3 0.3.1-4 High Fixed

AVG-458 libmupdf, mupdf, mupdf-gl, mupdf-tools 1.11-4 1.11-5 High Fixed

01 Nov 2017 ASA-201711-5 AVG-476 zathura-pdf-mupdf High arbitrary code execution

01 Nov 2017 ASA-201711-4 AVG-458 mupdf High arbitrary code execution

01 Nov 2017 ASA-201711-3 AVG-458 mupdf-tools High arbitrary code execution

01 Nov 2017 ASA-201711-2 AVG-458 libmupdf High arbitrary code execution

01 Nov 2017 ASA-201711-1 AVG-458 mupdf-gl High arbitrary code execution 

http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1
https://bugs.ghostscript.com/show_bug.cgi?id=698540

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started