← Back to CVEs

CVE-2017-14685

N/A

Description

Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xps_load_links_in_glyphs in xps/xps-link.c does not verify that an xps font could be loaded.

CVE Details

CVSS v3.1 ScoreN/A

Published9/22/2017

Last Modified4/20/2025

Sourcenvd

Honeypot Sightings0

Affected Products

artifex:mupdfmicrosoft:windows

Weaknesses (CWE)

CWE-119

References

http://git.ghostscript.com/?p=mupdf.git%3Bh=ab1a420613dec93c686acbee2c165274e922f82a(cve@mitre.org)

http://www.debian.org/security/2017/dsa-4006(cve@mitre.org)

https://bugs.ghostscript.com/show_bug.cgi?id=698539(cve@mitre.org)

https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14685(cve@mitre.org)

http://git.ghostscript.com/?p=mupdf.git%3Bh=ab1a420613dec93c686acbee2c165274e922f82a(af854a3a-2127-422b-91ae-364da2661108)

http://www.debian.org/security/2017/dsa-4006(af854a3a-2127-422b-91ae-364da2661108)

https://bugs.ghostscript.com/show_bug.cgi?id=698539(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14685(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.