ID CVE-2016-6265
Summary Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file.
References
Vulnerable Configurations
  • cpe:2.3:a:artifex:mupdf:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:0.8:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:0.8.15:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:0.8.15:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:0.8.165:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:0.8.165:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:0.9:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:0.9:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:0.9:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:0.9:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:0.9.1:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:0.9.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.0:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.0:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.0:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.1:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.1:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.1:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.3:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.3:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.3:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.4:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.4:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.4:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.4:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.4:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.4:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.5:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.5:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.6:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.6:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.6:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.7:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.7:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.7:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.7:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.7:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.7:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.7.1:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.7.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.7a:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.7a:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.8:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.8:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.8:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.8:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.8.1:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.8.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.9:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.9:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.9:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.9:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.9:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.9:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.9:rc1:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 30-10-2018 - 16:27)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
bid 92071
confirm
debian DSA-3655
gentoo GLSA-201702-12
mlist [oss-security] 20160721 Re: mupdf library use after free
suse openSUSE-SU-2016:1926
Last major update 30-10-2018 - 16:27
Published 22-09-2016 - 15:59
Last modified 30-10-2018 - 16:27
Back to Top