1. CVE-Search
  2. CVE-2017-15369
ID CVE-2017-15369
Summary The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document.
References
Vulnerable Configurations
  • cpe:2.3:a:artifex:mupdf:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:0.8:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:0.8.15:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:0.8.15:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:0.8.165:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:0.8.165:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:0.9:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:0.9:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:0.9:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:0.9:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:0.9.1:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:0.9.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.0:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.0:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.0:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.1:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.1:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.1:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.3:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.3:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.3:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.4:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.4:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.4:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.4:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.4:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.4:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.5:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.5:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.6:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.6:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.6:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.7:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.7:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.7:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.7:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.7:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.7:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.7.1:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.7.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.7a:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.7a:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.8:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.8:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.8:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.8:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.8.1:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.8.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.9:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.9:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.9:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.9:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.9:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.9:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.9:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.9a:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.9a:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.10:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.10:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.10:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.10:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.10:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.10:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.10:rc2:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.10:rc2:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.10a:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.10a:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.11:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.11:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.11:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.11:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.11:rc1:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 07-11-2017 - 13:20)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
confirm
Last major update 07-11-2017 - 13:20
Published 16-10-2017 - 01:29
Last modified 07-11-2017 - 13:20
Back to Top