CVE-2016-8728 - An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of t

CVE-2016-8728

Summary

An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause a out of bounds write resulting in heap metadata and sensitive process memory corruption leading to potential code execution. Victim needs to open the specially crafted file in a vulnerable reader in order to trigger this vulnerability.

References

https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0242

Vulnerable Configurations

cpe:2.3:a:artifex:mupdf:1.10:rc1:*:*:*:*:*:*
cpe:2.3:a:artifex:mupdf:1.10:rc1:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 13-12-2022 - 17:36)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

misc

https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0242

Last major update

13-12-2022 - 17:36

Published

24-04-2018 - 19:29

Last modified

13-12-2022 - 17:36