ID CVE-2017-5991
Summary An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected.
References
Vulnerable Configurations
  • cpe:2.3:a:artifex:mupdf:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:0.8:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:0.8.15:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:0.8.15:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:0.8.165:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:0.8.165:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:0.9:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:0.9:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:0.9:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:0.9:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:0.9.1:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:0.9.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.0:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.0:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.0:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.1:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.1:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.1:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.3:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.3:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.3:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.4:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.4:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.4:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.4:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.4:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.4:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.5:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.5:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.6:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.6:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.6:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.7:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.7:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.7:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.7:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.7:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.7:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.7.1:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.7.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.7a:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.7a:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.8:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.8:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.8:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.8:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.8.1:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.8.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.9:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.9:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.9:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.9:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.9:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.9:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.9:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.9a:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.9a:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.10:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.10:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.10:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.10:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.10:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.10:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.10:rc2:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.10:rc2:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.10a:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.10a:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.11:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.11:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.11:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.11:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.11:rc1:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 18-04-2022 - 17:58)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 96213
confirm
debian DSA-3797
exploit-db 42138
gentoo GLSA-201706-08
Last major update 18-04-2022 - 17:58
Published 15-02-2017 - 06:59
Last modified 18-04-2022 - 17:58
Back to Top