Published: 15/03/2017 Updated: 18/04/2022

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote malicious users to have unspecified impact via a crafted image.

Vulnerable Product	Search on Vulmon	Subscribe to Product
artifex mupdf 1.10a
debian debian linux 9.0

A stack-based buffer overflow has been discovered in jstest_mainc in mujstest in Artifex Software, Inc MuPDF 110a that allows remote attackers to case a denial of service or possibly execute arbitrary code via a specially crafted image ...

Source: seclistsorg/oss-sec/2017/q1/458 Description: Mujstest, which is part of mupdf is a scriptable tester for mupdf + js A crafted image posted early for another issue, causes a stack overflow The complete ASan output: # mujstest $FILE ==32127==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff29560b00 at pc 0x000000 ...

CWE-787 https://bugs.ghostscript.com/show_bug.cgi?id=697551 https://blogs.gentoo.org/ago/2017/02/17/mupdf-mujstest-stack-based-buffer-overflow-in-main-jstest_main-c/http://www.openwall.com/lists/oss-security/2017/02/18/1 http://www.securityfocus.com/bid/96266 https://security.gentoo.org/glsa/201706-08 https://lists.debian.org/debian-lts-announce/2021/09/msg00013.html https://nvd.nist.gov https://www.exploit-db.com/exploits/42139/https://security.archlinux.org/CVE-2017-6060

CVE-2017-6060

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect