CVE-2017-5991

Published: 15/02/2017 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

An issue exists in Artifex MuPDF prior to 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected.

Vulnerable Product

artifex mupdf

debian debian linux 8.0

debian debian linux 9.0

Vendor Advisories

Debian Bug report logs - #854734 CVE-2017-5896 Package: src:mupdf; Maintainer for src:mupdf is Kan-Ru Chen (陳侃如) <koster@debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Thu, 9 Feb 2017 22:51:02 UTC Severity: grave Tags: security, upstream Fixed in versions mupdf/1.9a+ds1-3, mupdf/1.5-1+deb ...
Multiple vulnerabilities have been found in the PDF viewer MuPDF, which may result in denial of service or the execution of arbitrary code if a malformed PDF file is opened. For the stable distribution (jessie), these problems have been fixed in version 1.5-1+deb8u2. For the testing distribution (stretch), these problems have been fixed in version ...

Exploits

Source: bugs.ghostscript.com/show_bug.cgi?id=697500
POC to trigger null pointer dereference (mutool)
After some fuzz testing I found a crashing test case.
Git HEAD: 8eea208e099614487e4bd7cc0d67d91489dae642
To reproduce: mutool convert -F cbz nullptr_fz_paint_pixmap_with_mask -o /dev/null
ASAN: ==1406==ERROR: AddressSanitizer: SEGV on ...