Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2014-2013

Published: 03/03/2014 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Mupdf

Vulnerability Summary

Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and previous versions allows remote malicious users to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element.

Vulnerable Product Search on Vulmon Subscribe to Product

artifex mupdf 1.0

artifex mupdf 1.2

artifex mupdf 1.1

artifex mupdf

Vendor Advisories

Debian CVElist Bug Report Logs: mupdf: CVE-2014-2013: Stack-based Buffer Overflow in xps_parse_color()
Debian Bug report logs - #738857 mupdf: CVE-2014-2013: Stack-based Buffer Overflow in xps_parse_color() Package: mupdf; Maintainer for mupdf is Kan-Ru Chen (陳侃如) <koster@debianorg>; Source for mupdf is src:mupdf (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 13 Feb 2014 15:03 ...
Debian Security Advisories: DSA-2951-1 mupdf -- security update
It was discovered that a buffer overflow in the MuPDF viewer might lead to the execution of arbitrary code For the stable distribution (wheezy), this problem has been fixed in version 09-2+deb7u2 For the testing distribution (jessie), this problem has been fixed in version 13-2 For the unstable distribution (sid), this problem has been fixed i ...

Exploits

Exploit DB: MuPDF 1.3 - 'xps_parse_color()' Stack Buffer Overflow
============================================================= 0day - MuPDF Stack-based Buffer Overflow in xps_parse_color() ============================================================= # Date of discovery: 2013-01-26 # Software Links: wwwmupdfcom/ ; enwikipediaorg/wiki/MuPDF # Version: <= 13 # Author: Jean-Jamil Khalife # Tes ...

References

CWE-119http://seclists.org/oss-sec/2014/q1/375http://bugs.ghostscript.com/show_bug.cgi?id=694957http://www.hdwsec.fr/blog/mupdf.htmlhttp://lists.opensuse.org/opensuse-updates/2014-02/msg00088.htmlhttp://seclists.org/fulldisclosure/2014/Jan/130http://secunia.com/advisories/58904http://www.securityfocus.com/bid/65036http://www.osvdb.org/102340http://www.exploit-db.com/exploits/31090http://www.debian.org/security/2014/dsa-2951http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=60dabde18d7fe12b19da8b509bdfee9cc886aafchttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738857https://nvd.nist.govhttps://www.exploit-db.com/exploits/31090/https://www.debian.org/security/./dsa-2951
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook