Summary
Detail | |||
---|---|---|---|
Vendor | Artifex | First view | 2011-05-13 |
Product | Mupdf | Last view | 2024-02-05 |
Version | Type | ||
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
7.5 | 2024-02-05 | CVE-2024-24259 | freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function. |
7.5 | 2024-02-05 | CVE-2024-24258 | freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function. |
7.5 | 2023-12-26 | CVE-2023-51107 | A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in functon compute_color() of jquant2.c. |
7.5 | 2023-12-26 | CVE-2023-51106 | A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c when fz_colorspace_n returns zero. |
7.5 | 2023-12-26 | CVE-2023-51105 | A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function bmp_decompress_rle4() of load-bmp.c. |
7.5 | 2023-12-26 | CVE-2023-51104 | A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c when span equals zero. |
7.5 | 2023-12-26 | CVE-2023-51103 | A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in functon fz_new_pixmap_from_float_data() of pixmap.c. |
5.5 | 2023-10-31 | CVE-2023-31794 | MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. |
5.5 | 2023-08-22 | CVE-2020-26683 | A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive information. |
5.5 | 2023-08-22 | CVE-2020-21896 | A Use After Free vulnerability in svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c in Artifex Software MuPDF 1.16.0 allows remote attackers to cause a denial of service via opening of a crafted PDF file. |
5.5 | 2022-08-26 | CVE-2021-4216 | A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream. |
5.5 | 2021-07-21 | CVE-2021-37220 | MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool draw" input. |
5.5 | 2021-07-21 | CVE-2020-19609 | Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service. |
5.5 | 2021-02-23 | CVE-2021-3407 | A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences. |
7.8 | 2020-12-09 | CVE-2020-16600 | A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previously freed memory instead of a newband_writer. |
5.5 | 2020-10-02 | CVE-2020-26519 | Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service. |
7.8 | 2020-01-23 | CVE-2012-5340 | SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file. |
7.1 | 2019-08-14 | CVE-2019-14975 | Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string. |
7.8 | 2019-07-04 | CVE-2019-13290 | Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file. This occurs with a large BDC property name that overflows the allocated size of a display list node. |
9.8 | 2019-06-13 | CVE-2019-7321 | Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code. |
5.5 | 2019-01-11 | CVE-2019-6131 | svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool. |
5.5 | 2019-01-11 | CVE-2019-6130 | Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c. |
5.5 | 2018-12-05 | CVE-2018-19882 | In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl. |
5.5 | 2018-12-05 | CVE-2018-19881 | In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl. |
5.5 | 2018-11-30 | CVE-2018-19777 | In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
21% (12) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
19% (11) | CWE-787 | Out-of-bounds Write |
14% (8) | CWE-416 | Use After Free |
10% (6) | CWE-369 | Divide By Zero |
5% (3) | CWE-674 | Uncontrolled Recursion |
5% (3) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
5% (3) | CWE-125 | Out-of-bounds Read |
3% (2) | CWE-476 | NULL Pointer Dereference |
3% (2) | CWE-190 | Integer Overflow or Wraparound |
3% (2) | CWE-20 | Improper Input Validation |
1% (1) | CWE-772 | Missing Release of Resource after Effective Lifetime |
1% (1) | CWE-415 | Double Free |
1% (1) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
1% (1) | CWE-129 | Improper Validation of Array Index |
1% (1) | CWE-118 | Improper Access of Indexable Resource ('Range Error') |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:24529 | DSA-2951-1 mupdf - security update |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
72177 | MuPDF Plugin for Firefox apps/mozilla/moz_main.c pdfmoz_onmouse() Function Ov... |
ExploitDB Exploits
id | Description |
---|---|
23246 | Sumatra 2.1.1/MuPDF 1.0 Integer Overflow |
Snort® IPS/IDS
Date | Description |
---|---|
2017-02-01 | MuPDF Fitz library font glyph scaling code execution vulnerability attempt RuleID : 41471 - Type : FILE-PDF - Revision : 4 |
2017-02-01 | MuPDF Fitz library font glyph scaling code execution vulnerability attempt RuleID : 41470 - Type : FILE-PDF - Revision : 4 |
2017-01-18 | Artifex MuPDF JBIG2 negative width value out of bounds read attempt RuleID : 41225 - Type : FILE-PDF - Revision : 4 |
2017-01-18 | Artifex MuPDF JBIG2 negative width value out of bounds read attempt RuleID : 41224 - Type : FILE-PDF - Revision : 4 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-93558de1ac.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-049dee041d.nasl - Type: ACT_GATHER_INFO |
2018-11-27 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201811-15.nasl - Type: ACT_GATHER_INFO |
2018-11-05 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4334.nasl - Type: ACT_GATHER_INFO |
2018-03-28 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4152.nasl - Type: ACT_GATHER_INFO |
2018-02-23 | Name: The remote Fedora host is missing a security update. File: fedora_2018-da6f76b446.nasl - Type: ACT_GATHER_INFO |
2018-02-07 | Name: The remote Fedora host is missing a security update. File: fedora_2018-7982ad5f2a.nasl - Type: ACT_GATHER_INFO |
2018-02-07 | Name: The remote Fedora host is missing a security update. File: fedora_2018-7151603128.nasl - Type: ACT_GATHER_INFO |
2018-01-17 | Name: The remote Fedora host is missing a security update. File: fedora_2017-d1213cef30.nasl - Type: ACT_GATHER_INFO |
2018-01-15 | Name: The remote Fedora host is missing a security update. File: fedora_2017-a1ad512b22.nasl - Type: ACT_GATHER_INFO |
2018-01-15 | Name: The remote Fedora host is missing a security update. File: fedora_2017-4c30d86843.nasl - Type: ACT_GATHER_INFO |
2017-12-11 | Name: The remote Fedora host is missing a security update. File: fedora_2017-9ae6e39bde.nasl - Type: ACT_GATHER_INFO |
2017-12-04 | Name: The remote Fedora host is missing a security update. File: fedora_2017-267f37c544.nasl - Type: ACT_GATHER_INFO |
2017-11-27 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-1300.nasl - Type: ACT_GATHER_INFO |
2017-11-08 | Name: The remote Debian host is missing a security update. File: debian_DLA-1164.nasl - Type: ACT_GATHER_INFO |
2017-10-25 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4006.nasl - Type: ACT_GATHER_INFO |
2017-07-17 | Name: The remote Fedora host is missing a security update. File: fedora_2017-487051ac16.nasl - Type: ACT_GATHER_INFO |
2017-07-17 | Name: The remote Fedora host is missing a security update. File: fedora_2017-8150618774.nasl - Type: ACT_GATHER_INFO |
2017-06-07 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201706-08.nasl - Type: ACT_GATHER_INFO |
2017-05-30 | Name: The remote Fedora host is missing a security update. File: fedora_2017-5135c91b36.nasl - Type: ACT_GATHER_INFO |
2017-04-17 | Name: The remote Fedora host is missing a security update. File: fedora_2017-2d11503623.nasl - Type: ACT_GATHER_INFO |
2017-03-24 | Name: The remote Fedora host is missing a security update. File: fedora_2017-3b97b275da.nasl - Type: ACT_GATHER_INFO |
2017-03-08 | Name: The remote Fedora host is missing a security update. File: fedora_2017-9a819664a6.nasl - Type: ACT_GATHER_INFO |
2017-03-02 | Name: The remote Fedora host is missing a security update. File: fedora_2017-844445f2aa.nasl - Type: ACT_GATHER_INFO |
2017-03-01 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3797.nasl - Type: ACT_GATHER_INFO |