This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Artifex First view 2011-05-13
Product Mupdf Last view 2020-01-23
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:artifex:mupdf:1.0:*:*:*:*:*:*:* 17
cpe:2.3:a:artifex:mupdf:1.1:*:*:*:*:iphone_os:*:* 17
cpe:2.3:a:artifex:mupdf:1.3:*:*:*:*:*:*:* 16
cpe:2.3:a:artifex:mupdf:1.2:*:*:*:*:*:*:* 16
cpe:2.3:a:artifex:mupdf:1.1:*:*:*:*:*:*:* 16
cpe:2.3:a:artifex:mupdf:0.6:*:*:*:*:*:*:* 16
cpe:2.3:a:artifex:mupdf:0.7:*:*:*:*:*:*:* 16
cpe:2.3:a:artifex:mupdf:0.8:*:*:*:*:*:*:* 16
cpe:2.3:a:artifex:mupdf:0.8.15:*:*:*:*:*:*:* 16
cpe:2.3:a:artifex:mupdf:0.8.165:*:*:*:*:*:*:* 16
cpe:2.3:a:artifex:mupdf:0.9:-:*:*:*:*:*:* 16
cpe:2.3:a:artifex:mupdf:0.9:rc1:*:*:*:*:*:* 16
cpe:2.3:a:artifex:mupdf:1.0:-:*:*:*:*:*:* 16
cpe:2.3:a:artifex:mupdf:1.0:rc1:*:*:*:*:*:* 16
cpe:2.3:a:artifex:mupdf:1.1:-:*:*:*:*:*:* 16
cpe:2.3:a:artifex:mupdf:1.1:rc1:*:*:*:*:*:* 16
cpe:2.3:a:artifex:mupdf:1.3:-:*:*:*:*:*:* 16
cpe:2.3:a:artifex:mupdf:1.3:rc1:*:*:*:*:*:* 16
cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:* 16
cpe:2.3:a:artifex:mupdf:1.9:*:*:*:*:*:*:* 15
cpe:2.3:a:artifex:mupdf:1.9a:*:*:*:*:*:*:* 15
cpe:2.3:a:artifex:mupdf:1.10a:*:*:*:*:*:*:* 15
cpe:2.3:a:artifex:mupdf:1.4:-:*:*:*:*:*:* 15
cpe:2.3:a:artifex:mupdf:1.4:rc1:*:*:*:*:*:* 15
cpe:2.3:a:artifex:mupdf:1.5:*:*:*:*:*:*:* 15
cpe:2.3:a:artifex:mupdf:1.6:*:*:*:*:*:*:* 15
cpe:2.3:a:artifex:mupdf:1.7:-:*:*:*:*:*:* 15
cpe:2.3:a:artifex:mupdf:1.7:rc1:*:*:*:*:*:* 15
cpe:2.3:a:artifex:mupdf:1.7a:*:*:*:*:*:*:* 15
cpe:2.3:a:artifex:mupdf:1.8:-:*:*:*:*:*:* 15
cpe:2.3:a:artifex:mupdf:1.8:rc1:*:*:*:*:*:* 15
cpe:2.3:a:artifex:mupdf:1.9:-:*:*:*:*:*:* 14
cpe:2.3:a:artifex:mupdf:1.9:rc1:*:*:*:*:*:* 14
cpe:2.3:a:artifex:mupdf:1.11:*:*:*:*:*:*:* 13
cpe:2.3:a:artifex:mupdf:1.10:rc1:*:*:*:*:*:* 13
cpe:2.3:a:artifex:mupdf:1.10:*:*:*:*:*:*:* 12
cpe:2.3:a:artifex:mupdf:1.10:rc2:*:*:*:*:*:* 12
cpe:2.3:a:artifex:mupdf:1.12.0:*:*:*:*:*:*:* 12
cpe:2.3:a:artifex:mupdf:1.10:-:*:*:*:*:*:* 12
cpe:2.3:a:artifex:mupdf:1.14.0:*:*:*:*:*:*:* 9
cpe:2.3:a:artifex:mupdf:1.11:rc1:*:*:*:*:*:* 9
cpe:2.3:a:artifex:mupdf:1.12:rc1:*:*:*:*:*:* 8
cpe:2.3:a:artifex:mupdf:1.12.0:-:*:*:*:*:*:* 8
cpe:2.3:a:artifex:mupdf:1.12.0:rc1:*:*:*:*:*:* 7
cpe:2.3:a:artifex:mupdf:1.13.0:*:*:*:*:*:*:* 5
cpe:2.3:a:artifex:mupdf:1.15.0:*:*:*:*:*:*:* 3
cpe:2.3:a:artifex:mupdf:1.13:rc1:*:*:*:*:*:* 2
cpe:2.3:a:artifex:mupdf:1.13.0:-:*:*:*:*:*:* 2
cpe:2.3:a:artifex:mupdf:1.14.0:-:*:*:*:*:*:* 2
cpe:2.3:a:artifex:mupdf:1.14.0:rc1:*:*:*:*:*:* 2

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.8 2020-01-23 CVE-2012-5340

SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file.

7.1 2019-08-14 CVE-2019-14975

Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string.

7.8 2019-07-04 CVE-2019-13290

Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file. This occurs with a large BDC property name that overflows the allocated size of a display list node.

9.8 2019-06-13 CVE-2019-7321

Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code.

5.5 2019-01-11 CVE-2019-6131

svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool.

5.5 2019-01-11 CVE-2019-6130

Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c.

5.5 2018-12-05 CVE-2018-19882

In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl.

5.5 2018-12-05 CVE-2018-19881

In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl.

5.5 2018-11-30 CVE-2018-19777

In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool.

5.5 2018-10-26 CVE-2018-18662

There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool.

5.5 2018-09-06 CVE-2018-16648

In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow.

5.5 2018-09-06 CVE-2018-16647

In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file.

5.5 2018-05-24 CVE-2018-1000040

In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.

7.8 2018-05-24 CVE-2018-1000039

In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.

7.8 2018-05-24 CVE-2018-1000038

In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file.

5.5 2018-05-24 CVE-2018-1000037

In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file.

5.5 2018-05-24 CVE-2018-1000036

In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.

7.8 2018-04-24 CVE-2016-8729

An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send to the victim to trigger this vulnerability.

7.8 2018-04-24 CVE-2016-8728

An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause a out of bounds write resulting in heap metadata and sensitive process memory corruption leading to potential code execution. Victim needs to open the specially crafted file in a vulnerable reader in order to trigger this vulnerability.

5.5 2018-04-22 CVE-2018-10289

In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file.

7.8 2018-02-09 CVE-2018-1000051

Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF.

5.5 2018-02-02 CVE-2018-6544

pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document.

5.5 2018-01-24 CVE-2018-6192

In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file.

5.5 2018-01-24 CVE-2018-6187

In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file.

7.8 2018-01-22 CVE-2017-17858

Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted.

CWE : Common Weakness Enumeration

%idName
39% (16) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
14% (6) CWE-416 Use After Free
7% (3) CWE-787 Out-of-bounds Write
7% (3) CWE-476 NULL Pointer Dereference
7% (3) CWE-125 Out-of-bounds Read
4% (2) CWE-190 Integer Overflow or Wraparound
4% (2) CWE-20 Improper Input Validation
2% (1) CWE-772 Missing Release of Resource after Effective Lifetime
2% (1) CWE-674 Uncontrolled Recursion
2% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
2% (1) CWE-399 Resource Management Errors
2% (1) CWE-129 Improper Validation of Array Index
2% (1) CWE-118 Improper Access of Indexable Resource ('Range Error')

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:24529 DSA-2951-1 mupdf - security update

Open Source Vulnerability Database (OSVDB)

id Description
72177 MuPDF Plugin for Firefox apps/mozilla/moz_main.c pdfmoz_onmouse() Function Ov...

ExploitDB Exploits

id Description
23246 Sumatra 2.1.1/MuPDF 1.0 Integer Overflow

Snort® IPS/IDS

Date Description
2017-02-01 MuPDF Fitz library font glyph scaling code execution vulnerability attempt
RuleID : 41471 - Type : FILE-PDF - Revision : 4
2017-02-01 MuPDF Fitz library font glyph scaling code execution vulnerability attempt
RuleID : 41470 - Type : FILE-PDF - Revision : 4
2017-01-18 Artifex MuPDF JBIG2 negative width value out of bounds read attempt
RuleID : 41225 - Type : FILE-PDF - Revision : 4
2017-01-18 Artifex MuPDF JBIG2 negative width value out of bounds read attempt
RuleID : 41224 - Type : FILE-PDF - Revision : 4

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-93558de1ac.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-049dee041d.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201811-15.nasl - Type: ACT_GATHER_INFO
2018-11-05 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4334.nasl - Type: ACT_GATHER_INFO
2018-03-28 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4152.nasl - Type: ACT_GATHER_INFO
2018-02-23 Name: The remote Fedora host is missing a security update.
File: fedora_2018-da6f76b446.nasl - Type: ACT_GATHER_INFO
2018-02-07 Name: The remote Fedora host is missing a security update.
File: fedora_2018-7982ad5f2a.nasl - Type: ACT_GATHER_INFO
2018-02-07 Name: The remote Fedora host is missing a security update.
File: fedora_2018-7151603128.nasl - Type: ACT_GATHER_INFO
2018-01-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-d1213cef30.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-a1ad512b22.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-4c30d86843.nasl - Type: ACT_GATHER_INFO
2017-12-11 Name: The remote Fedora host is missing a security update.
File: fedora_2017-9ae6e39bde.nasl - Type: ACT_GATHER_INFO
2017-12-04 Name: The remote Fedora host is missing a security update.
File: fedora_2017-267f37c544.nasl - Type: ACT_GATHER_INFO
2017-11-27 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-1300.nasl - Type: ACT_GATHER_INFO
2017-11-08 Name: The remote Debian host is missing a security update.
File: debian_DLA-1164.nasl - Type: ACT_GATHER_INFO
2017-10-25 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4006.nasl - Type: ACT_GATHER_INFO
2017-07-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-487051ac16.nasl - Type: ACT_GATHER_INFO
2017-07-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-8150618774.nasl - Type: ACT_GATHER_INFO
2017-06-07 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201706-08.nasl - Type: ACT_GATHER_INFO
2017-05-30 Name: The remote Fedora host is missing a security update.
File: fedora_2017-5135c91b36.nasl - Type: ACT_GATHER_INFO
2017-04-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-2d11503623.nasl - Type: ACT_GATHER_INFO
2017-03-24 Name: The remote Fedora host is missing a security update.
File: fedora_2017-3b97b275da.nasl - Type: ACT_GATHER_INFO
2017-03-08 Name: The remote Fedora host is missing a security update.
File: fedora_2017-9a819664a6.nasl - Type: ACT_GATHER_INFO
2017-03-02 Name: The remote Fedora host is missing a security update.
File: fedora_2017-844445f2aa.nasl - Type: ACT_GATHER_INFO
2017-03-01 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3797.nasl - Type: ACT_GATHER_INFO