CVE-2018-16648 - In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cau

CVE-2018-16648

Summary

In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow.

References

Vulnerable Configurations

cpe:2.3:a:artifex:mupdf:1.13.0:*:*:*:*:*:*:*
cpe:2.3:a:artifex:mupdf:1.13.0:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 26-07-2020 - 00:15)
Impact:
Exploitability:

CWE

CWE-129

CAPEC

Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the adversaries' choice.

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

misc	https://bugs.ghostscript.com/show_bug.cgi?id=699685
mlist	[debian-lts-announce] 20200725 [SECURITY] [DLA 2289-1] mupdf security update

Last major update

26-07-2020 - 00:15

Published

06-09-2018 - 23:29

Last modified

26-07-2020 - 00:15