ID CVE-2017-15369
Summary The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document.
References
Vulnerable Configurations
  • cpe:2.3:a:artifex:mupdf:1.11
    cpe:2.3:a:artifex:mupdf:1.11
CVSS
Base: 6.8
Impact:
Exploitability:
CWE CWE-416
CAPEC
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-267F37C544.NASL
    description CVE-2017-15369 CVE-2017-15587 CVE-2017-9216 CVE-2017-14685 CVE-2017-14686 CVE-2017-14687 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-02-01
    plugin id 104976
    published 2017-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104976
    title Fedora 26 : mupdf (2017-267f37c544)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-A1AD512B22.NASL
    description CVE-2017-15369 CVE-2017-15587 CVE-2017-9216 CVE-2017-14685 CVE-2017-14686 CVE-2017-14687 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2018-02-02
    plugin id 105942
    published 2018-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105942
    title Fedora 27 : mupdf (2017-a1ad512b22)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-89.NASL
    description This update for mupdf to version 1.12.0 fixes several issues. These security issues were fixed : - CVE-2018-5686: Prevent infinite loop in pdf_parse_array function because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file (bsc#1075936). - CVE-2017-15369: The build_filter_chain function in pdf/pdf-stream.c mishandled a case where a variable may reside in a register, which allowed remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document (bsc#1063413). - CVE-2017-15587: Prevent integer overflow in pdf_read_new_xref_section that allowed for DoS (bsc#1064027). - CVE-2017-17866: Fixed mishandling of length changes when a repair operation occured during a clean operation, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document (bsc#1074116). - CVE-2017-17858: Fixed a heap-based buffer overflow in the ensure_solid_xref function which allowed a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers were unrestricted (bsc#1077161). For non-security changes please refer to the changelog.
    last seen 2018-09-01
    modified 2018-01-26
    plugin id 106358
    published 2018-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106358
    title openSUSE Security Update : mupdf (openSUSE-2018-89)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-9AE6E39BDE.NASL
    description CVE-2017-15369 CVE-2017-15587 CVE-2017-9216 CVE-2017-14685 CVE-2017-14686 CVE-2017-14687 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2018-02-02
    plugin id 105132
    published 2017-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105132
    title Fedora 25 : mupdf (2017-9ae6e39bde)
refmap via4
confirm
Last major update 15-10-2017 - 21:29
Published 15-10-2017 - 21:29
Last modified 07-11-2017 - 08:20
Back to Top