1. CVE-Search
  2. CVE-2021-37220
ID CVE-2021-37220
Summary MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool draw" input.
References
Vulnerable Configurations
  • cpe:2.3:a:artifex:mupdf:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:0.8:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:0.8.15:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:0.8.15:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:0.8.165:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:0.8.165:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:0.9:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:0.9:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:0.9:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:0.9:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:0.9.1:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:0.9.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.0:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.0:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.0:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.1:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.1:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.1:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.3:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.3:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.3:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.4:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.4:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.4:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.4:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.4:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.4:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.5:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.5:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.6:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.6:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.6:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.7:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.7:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.7:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.7:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.7:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.7:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.7.1:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.7.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.7a:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.7a:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.8:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.8:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.8:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.8:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.8.1:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.8.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.9:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.9:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.9:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.9:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.9:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.9:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.9:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.9a:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.9a:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.10:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.10:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.10:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.10:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.10:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.10:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.10:rc2:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.10:rc2:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.10a:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.10a:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.11:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.11:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.11:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.11:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.11:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.12:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.12:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.12.0:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.12.0:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.12.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.12.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.13:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.13:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.13.0:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.13.0:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.13.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.13.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.14.0:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.14.0:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.14.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.14.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.15.0:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.15.0:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.15.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.15.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.15.1:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.15.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.15.2:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:artifex:mupdf:1.15.2:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:artifex:mupdf:1.16.0:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.16.0:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.16.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.16.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.16.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.16.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.16.1:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.17.0:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.17.0:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.17.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.17.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.18.0:-:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.18.0:-:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.18.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.18.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:artifex:mupdf:1.18.1:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:mupdf:1.18.1:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 28-11-2021 - 23:19)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
Last major update 28-11-2021 - 23:19
Published 21-07-2021 - 22:15
Last modified 28-11-2021 - 23:19
Back to Top