Published: 21/07/2021 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

MuPDF up to and including 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool draw" input.

Vulnerable Product	Search on Vulmon	Subscribe to Product
artifex mupdf
fedoraproject fedora 34

Debian Bug report logs - #991402 mupdf: CVE-2021-37220 Package: src:mupdf; Maintainer for src:mupdf is Kan-Ru Chen (陳侃如) <koster@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 22 Jul 2021 18:51:01 UTC Severity: important Tags: fixed-upstream, pending, security, upstream Found in ...

MuPDF through 1181 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table This can, for example, be seen with crafted "mutool draw" input ...

CWE-787 https://bugs.ghostscript.com/show_bug.cgi?id=703791 http://git.ghostscript.com/?p=mupdf.git%3Bh=f5712c9949d026e4b891b25837edd2edc166151f https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TKRMREIYUBGG2GV73CU7BJNW2Q34IP23/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991402 https://nvd.nist.gov https://security.archlinux.org/CVE-2021-37220

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-37220

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect