TROYANOSYVIRUS
Retour aux CVEs

CVE-2018-1000039

MEDIUM
6.3

Description

In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.

Details CVE

Score CVSS v3.16.3
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie5/24/2018
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0

Produits affectes

artifex:mupdf

Faiblesses (CWE)

CWE-416

References

http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=4dcc6affe04368461310a21238f7e1871a752a05%3Bhp=8ec561d1bccc46e9db40a9f61310cd8b3763914e(cve@mitre.org)
http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=71ceebcf56e682504da22c4035b39a2d451e8ffd%3Bhp=7f82c01523505052615492f8e220f4348ba46995(cve@mitre.org)
http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=f597300439e62f5e921f0d7b1e880b5c1a1f1607%3Bhp=093fc3b098dc5fadef5d8ad4b225db9fb124758b(cve@mitre.org)
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5492(cve@mitre.org)
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5513(cve@mitre.org)
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5521(cve@mitre.org)
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5604(cve@mitre.org)
https://bugs.ghostscript.com/show_bug.cgi?id=698883(cve@mitre.org)
https://bugs.ghostscript.com/show_bug.cgi?id=698888(cve@mitre.org)
https://bugs.ghostscript.com/show_bug.cgi?id=698891(cve@mitre.org)
https://bugs.ghostscript.com/show_bug.cgi?id=698892(cve@mitre.org)
https://bugs.ghostscript.com/show_bug.cgi?id=698901(cve@mitre.org)
https://security.gentoo.org/glsa/201811-15(cve@mitre.org)
http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=4dcc6affe04368461310a21238f7e1871a752a05%3Bhp=8ec561d1bccc46e9db40a9f61310cd8b3763914e(af854a3a-2127-422b-91ae-364da2661108)
http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=71ceebcf56e682504da22c4035b39a2d451e8ffd%3Bhp=7f82c01523505052615492f8e220f4348ba46995(af854a3a-2127-422b-91ae-364da2661108)
http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=f597300439e62f5e921f0d7b1e880b5c1a1f1607%3Bhp=093fc3b098dc5fadef5d8ad4b225db9fb124758b(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5492(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5513(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5521(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5604(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.ghostscript.com/show_bug.cgi?id=698883(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.ghostscript.com/show_bug.cgi?id=698888(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.ghostscript.com/show_bug.cgi?id=698891(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.ghostscript.com/show_bug.cgi?id=698892(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.ghostscript.com/show_bug.cgi?id=698901(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201811-15(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.