Published: 27/12/2017 Updated: 11/03/2019

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

pdf/pdf-write.c in Artifex MuPDF prior to 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote malicious users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document.

Vulnerable Product	Search on Vulmon	Subscribe to Product
artifex mupdf
debian debian linux 9.0

Debian Bug report logs - #885120 mupdf: CVE-2017-17866 Package: src:mupdf; Maintainer for src:mupdf is Kan-Ru Chen (陳侃如) <koster@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 24 Dec 2017 07:45:02 UTC Severity: important Tags: patch, security, upstream Found in versions mupdf/11 ...

Multiple vulnerabilities were discovered in MuPDF, a PDF, XPS, and e-book viewer which could result in denial of service or the execution of arbitrary code if malformed documents are opened For the stable distribution (stretch), these problems have been fixed in version 19a+ds1-4+deb9u4 We recommend that you upgrade your mupdf packages For the ...

CWE-119 https://bugs.ghostscript.com/show_bug.cgi?id=698699 http://www.ghostscript.com/cgi-bin/findgit.cgi?520cc26d18c9ee245b56e9e91f9d4fcae02be5f0 https://www.debian.org/security/2018/dsa-4334 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885120 https://nvd.nist.gov https://www.debian.org/security/./dsa-4334

CVE-2017-17866

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect