Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2016-8674

Published: 15/02/2017 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Mupdf

Vulnerability Summary

The pdf_to_num function in pdf-object.c in MuPDF prior to 1.10 allows remote malicious users to cause a denial of service (use-after-free and application crash) via a crafted file.

Vulnerable Product Search on Vulmon Subscribe to Product

artifex mupdf

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2017-5896
Debian Bug report logs - #854734 CVE-2017-5896 Package: src:mupdf; Maintainer for src:mupdf is Kan-Ru Chen (陳侃如) <koster@debianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Thu, 9 Feb 2017 22:51:02 UTC Severity: grave Tags: security, upstream Fixed in versions mupdf/19a+ds1-3, mupdf/15-1+deb ...
Debian CVElist Bug Report Logs: mupdf: CVE-2016-8674: heap-use-after-free
Debian Bug report logs - #840957 mupdf: CVE-2016-8674: heap-use-after-free Package: src:mupdf; Maintainer for src:mupdf is Kan-Ru Chen (陳侃如) <koster@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 16 Oct 2016 12:54:02 UTC Severity: grave Tags: patch, security, upstream Found in ve ...
Debian Security Advisories: DSA-3797-1 mupdf -- security update
Multiple vulnerabilities have been found in the PDF viewer MuPDF, which may result in denial of service or the execution of arbitrary code if a malformed PDF file is opened For the stable distribution (jessie), these problems have been fixed in version 15-1+deb8u2 For the testing distribution (stretch), these problems have been fixed in version ...

References

CWE-416https://bugzilla.redhat.com/show_bug.cgi?id=1385685https://bugs.ghostscript.com/show_bug.cgi?id=697019https://bugs.ghostscript.com/show_bug.cgi?id=697015https://blogs.gentoo.org/ago/2016/09/22/mupdf-use-after-free-in-pdf_to_num-pdf-object-c/http://www.securityfocus.com/bid/93127http://www.openwall.com/lists/oss-security/2016/10/16/8http://www.debian.org/security/2017/dsa-3797http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=1e03c06456d997435019fb3526fa2d4be7dbc6echttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854734https://www.debian.org/security/./dsa-3797https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook