Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-15369 (GCVE-0-2017-15369)
Vulnerability from cvelistv5
Published
2017-10-16 01:00
Modified
2024-09-17 01:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document.
References
| ► | URL | Tags | |
|---|---|---|---|
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:25.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.ghostscript.com/?p=mupdf.git%3Bh=c2663e51238ec8256da7fc61ad580db891d9fe9a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=698592"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-16T01:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.ghostscript.com/?p=mupdf.git%3Bh=c2663e51238ec8256da7fc61ad580db891d9fe9a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=698592"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.ghostscript.com/?p=mupdf.git;h=c2663e51238ec8256da7fc61ad580db891d9fe9a",
"refsource": "CONFIRM",
"url": "http://git.ghostscript.com/?p=mupdf.git;h=c2663e51238ec8256da7fc61ad580db891d9fe9a"
},
{
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=698592",
"refsource": "CONFIRM",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=698592"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15369",
"datePublished": "2017-10-16T01:00:00Z",
"dateReserved": "2017-10-15T00:00:00Z",
"dateUpdated": "2024-09-17T01:35:48.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2017-15369\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-10-16T01:29:01.060\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n build_filter_chain en pdf/pdf-stream.c en Artifex MuPDF, en versiones anteriores al 2017-09-25, gestiona de manera incorrecta un caso espec\u00edfico en el que una variable podr\u00eda encontrarse en un registro, lo que permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (uso de memoria despu\u00e9s de su liberaci\u00f3n o use-after-free de Fitz fz_drop_imp y cierre inesperado de la aplicaci\u00f3n) o, probablemente, provocar otro tipo de impacto mediante un documento PDF manipulado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.11\",\"matchCriteriaId\":\"E4AEC7EC-1559-463B-9A1A-0807F3C78C38\"}]}]}],\"references\":[{\"url\":\"http://git.ghostscript.com/?p=mupdf.git%3Bh=c2663e51238ec8256da7fc61ad580db891d9fe9a\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugs.ghostscript.com/show_bug.cgi?id=698592\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"http://git.ghostscript.com/?p=mupdf.git%3Bh=c2663e51238ec8256da7fc61ad580db891d9fe9a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugs.ghostscript.com/show_bug.cgi?id=698592\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]}]}}"
}
}
ghsa-q727-q9wc-x4mf
Vulnerability from github
Published
2022-05-17 00:26
Modified
2025-04-20 03:46
Severity ?
VLAI Severity ?
Details
The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document.
{
"affected": [],
"aliases": [
"CVE-2017-15369"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-16T01:29:00Z",
"severity": "HIGH"
},
"details": "The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document.",
"id": "GHSA-q727-q9wc-x4mf",
"modified": "2025-04-20T03:46:50Z",
"published": "2022-05-17T00:26:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15369"
},
{
"type": "WEB",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=698592"
},
{
"type": "WEB",
"url": "http://git.ghostscript.com/?p=mupdf.git%3Bh=c2663e51238ec8256da7fc61ad580db891d9fe9a"
},
{
"type": "WEB",
"url": "http://git.ghostscript.com/?p=mupdf.git;h=c2663e51238ec8256da7fc61ad580db891d9fe9a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
gsd-2017-15369
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-15369",
"description": "The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document.",
"id": "GSD-2017-15369",
"references": [
"https://www.suse.com/security/cve/CVE-2017-15369.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-15369"
],
"details": "The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document.",
"id": "GSD-2017-15369",
"modified": "2023-12-13T01:20:58.741126Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.ghostscript.com/?p=mupdf.git;h=c2663e51238ec8256da7fc61ad580db891d9fe9a",
"refsource": "CONFIRM",
"url": "http://git.ghostscript.com/?p=mupdf.git;h=c2663e51238ec8256da7fc61ad580db891d9fe9a"
},
{
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=698592",
"refsource": "CONFIRM",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=698592"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.11",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15369"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=698592",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=698592"
},
{
"name": "http://git.ghostscript.com/?p=mupdf.git;h=c2663e51238ec8256da7fc61ad580db891d9fe9a",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://git.ghostscript.com/?p=mupdf.git;h=c2663e51238ec8256da7fc61ad580db891d9fe9a"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2017-11-07T13:20Z",
"publishedDate": "2017-10-16T01:29Z"
}
}
}
opensuse-su-2024:11068-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
mupdf-1.18.0-1.7 on GA media
Notes
Title of the patch
mupdf-1.18.0-1.7 on GA media
Description of the patch
These are all security issues fixed in the mupdf-1.18.0-1.7 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11068
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "mupdf-1.18.0-1.7 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the mupdf-1.18.0-1.7 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11068",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11068-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-10132 page",
"url": "https://www.suse.com/security/cve/CVE-2016-10132/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-10141 page",
"url": "https://www.suse.com/security/cve/CVE-2016-10141/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-10221 page",
"url": "https://www.suse.com/security/cve/CVE-2016-10221/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-8729 page",
"url": "https://www.suse.com/security/cve/CVE-2016-8729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15369 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15369/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17858 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5627 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5627/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5628 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5628/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5896 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5896/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7976 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7976/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000051 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16647 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16648 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18662 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18662/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5686 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5686/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6187 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6192 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6192/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6544 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6544/"
}
],
"title": "mupdf-1.18.0-1.7 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11068-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "mupdf-1.18.0-1.7.aarch64",
"product": {
"name": "mupdf-1.18.0-1.7.aarch64",
"product_id": "mupdf-1.18.0-1.7.aarch64"
}
},
{
"category": "product_version",
"name": "mupdf-devel-static-1.18.0-1.7.aarch64",
"product": {
"name": "mupdf-devel-static-1.18.0-1.7.aarch64",
"product_id": "mupdf-devel-static-1.18.0-1.7.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "mupdf-1.18.0-1.7.ppc64le",
"product": {
"name": "mupdf-1.18.0-1.7.ppc64le",
"product_id": "mupdf-1.18.0-1.7.ppc64le"
}
},
{
"category": "product_version",
"name": "mupdf-devel-static-1.18.0-1.7.ppc64le",
"product": {
"name": "mupdf-devel-static-1.18.0-1.7.ppc64le",
"product_id": "mupdf-devel-static-1.18.0-1.7.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "mupdf-1.18.0-1.7.s390x",
"product": {
"name": "mupdf-1.18.0-1.7.s390x",
"product_id": "mupdf-1.18.0-1.7.s390x"
}
},
{
"category": "product_version",
"name": "mupdf-devel-static-1.18.0-1.7.s390x",
"product": {
"name": "mupdf-devel-static-1.18.0-1.7.s390x",
"product_id": "mupdf-devel-static-1.18.0-1.7.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "mupdf-1.18.0-1.7.x86_64",
"product": {
"name": "mupdf-1.18.0-1.7.x86_64",
"product_id": "mupdf-1.18.0-1.7.x86_64"
}
},
{
"category": "product_version",
"name": "mupdf-devel-static-1.18.0-1.7.x86_64",
"product": {
"name": "mupdf-devel-static-1.18.0-1.7.x86_64",
"product_id": "mupdf-devel-static-1.18.0-1.7.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mupdf-1.18.0-1.7.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64"
},
"product_reference": "mupdf-1.18.0-1.7.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mupdf-1.18.0-1.7.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le"
},
"product_reference": "mupdf-1.18.0-1.7.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mupdf-1.18.0-1.7.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x"
},
"product_reference": "mupdf-1.18.0-1.7.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mupdf-1.18.0-1.7.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64"
},
"product_reference": "mupdf-1.18.0-1.7.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mupdf-devel-static-1.18.0-1.7.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64"
},
"product_reference": "mupdf-devel-static-1.18.0-1.7.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mupdf-devel-static-1.18.0-1.7.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le"
},
"product_reference": "mupdf-devel-static-1.18.0-1.7.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mupdf-devel-static-1.18.0-1.7.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x"
},
"product_reference": "mupdf-devel-static-1.18.0-1.7.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mupdf-devel-static-1.18.0-1.7.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
},
"product_reference": "mupdf-devel-static-1.18.0-1.7.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-10132",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-10132"
}
],
"notes": [
{
"category": "general",
"text": "regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-10132",
"url": "https://www.suse.com/security/cve/CVE-2016-10132"
},
{
"category": "external",
"summary": "SUSE Bug 1019877 for CVE-2016-10132",
"url": "https://bugzilla.suse.com/1019877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-10132"
},
{
"cve": "CVE-2016-10141",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-10141"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS before fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045. The attack requires a regular expression with nested repetition. A successful exploitation of this issue can lead to code execution or a denial of service (buffer overflow) condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-10141",
"url": "https://www.suse.com/security/cve/CVE-2016-10141"
},
{
"category": "external",
"summary": "SUSE Bug 1019877 for CVE-2016-10141",
"url": "https://bugzilla.suse.com/1019877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-10141"
},
{
"cve": "CVE-2016-10221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-10221"
}
],
"notes": [
{
"category": "general",
"text": "The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted PDF document.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-10221",
"url": "https://www.suse.com/security/cve/CVE-2016-10221"
},
{
"category": "external",
"summary": "SUSE Bug 1032140 for CVE-2016-10221",
"url": "https://bugzilla.suse.com/1032140"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-10221"
},
{
"cve": "CVE-2016-8729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-8729"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send to the victim to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-8729",
"url": "https://www.suse.com/security/cve/CVE-2016-8729"
},
{
"category": "external",
"summary": "SUSE Bug 1039850 for CVE-2016-8729",
"url": "https://bugzilla.suse.com/1039850"
},
{
"category": "external",
"summary": "SUSE Bug 1039931 for CVE-2016-8729",
"url": "https://bugzilla.suse.com/1039931"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-8729"
},
{
"cve": "CVE-2017-15369",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15369"
}
],
"notes": [
{
"category": "general",
"text": "The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15369",
"url": "https://www.suse.com/security/cve/CVE-2017-15369"
},
{
"category": "external",
"summary": "SUSE Bug 1063413 for CVE-2017-15369",
"url": "https://bugzilla.suse.com/1063413"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-15369"
},
{
"cve": "CVE-2017-17858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17858"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17858",
"url": "https://www.suse.com/security/cve/CVE-2017-17858"
},
{
"category": "external",
"summary": "SUSE Bug 1077161 for CVE-2017-17858",
"url": "https://bugzilla.suse.com/1077161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-17858"
},
{
"cve": "CVE-2017-5627",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5627"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Artifex Software, Inc. MuJS before 4006739a28367c708dea19aeb19b8a1a9326ce08. The jsR_setproperty function in jsrun.c lacks a check for a negative array length. This leads to an integer overflow in the js_pushstring function in jsrun.c when parsing a specially crafted JS file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5627",
"url": "https://www.suse.com/security/cve/CVE-2017-5627"
},
{
"category": "external",
"summary": "SUSE Bug 1022503 for CVE-2017-5627",
"url": "https://bugzilla.suse.com/1022503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-5627"
},
{
"cve": "CVE-2017-5628",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5628"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Artifex Software, Inc. MuJS before 8f62ea10a0af68e56d5c00720523ebcba13c2e6a. The MakeDay function in jsdate.c does not validate the month, leading to an integer overflow when parsing a specially crafted JS file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5628",
"url": "https://www.suse.com/security/cve/CVE-2017-5628"
},
{
"category": "external",
"summary": "SUSE Bug 1022504 for CVE-2017-5628",
"url": "https://bugzilla.suse.com/1022504"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-5628"
},
{
"cve": "CVE-2017-5896",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5896"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5896",
"url": "https://www.suse.com/security/cve/CVE-2017-5896"
},
{
"category": "external",
"summary": "SUSE Bug 1023761 for CVE-2017-5896",
"url": "https://bugzilla.suse.com/1023761"
},
{
"category": "external",
"summary": "SUSE Bug 1024679 for CVE-2017-5896",
"url": "https://bugzilla.suse.com/1024679"
},
{
"category": "external",
"summary": "SUSE Bug 1031053 for CVE-2017-5896",
"url": "https://bugzilla.suse.com/1031053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5896"
},
{
"cve": "CVE-2017-7976",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7976"
}
],
"notes": [
{
"category": "general",
"text": "Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash) or disclosure of sensitive information from process memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7976",
"url": "https://www.suse.com/security/cve/CVE-2017-7976"
},
{
"category": "external",
"summary": "SUSE Bug 1035032 for CVE-2017-7976",
"url": "https://bugzilla.suse.com/1035032"
},
{
"category": "external",
"summary": "SUSE Bug 1052029 for CVE-2017-7976",
"url": "https://bugzilla.suse.com/1052029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-7976"
},
{
"cve": "CVE-2018-1000051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000051"
}
],
"notes": [
{
"category": "general",
"text": "Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000051",
"url": "https://www.suse.com/security/cve/CVE-2018-1000051"
},
{
"category": "external",
"summary": "SUSE Bug 1080531 for CVE-2018-1000051",
"url": "https://bugzilla.suse.com/1080531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-1000051"
},
{
"cve": "CVE-2018-16647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16647"
}
],
"notes": [
{
"category": "general",
"text": "In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16647",
"url": "https://www.suse.com/security/cve/CVE-2018-16647"
},
{
"category": "external",
"summary": "SUSE Bug 1107595 for CVE-2018-16647",
"url": "https://bugzilla.suse.com/1107595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16647"
},
{
"cve": "CVE-2018-16648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16648"
}
],
"notes": [
{
"category": "general",
"text": "In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16648",
"url": "https://www.suse.com/security/cve/CVE-2018-16648"
},
{
"category": "external",
"summary": "SUSE Bug 1106883 for CVE-2018-16648",
"url": "https://bugzilla.suse.com/1106883"
},
{
"category": "external",
"summary": "SUSE Bug 1107593 for CVE-2018-16648",
"url": "https://bugzilla.suse.com/1107593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16648"
},
{
"cve": "CVE-2018-18662",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18662"
}
],
"notes": [
{
"category": "general",
"text": "There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18662",
"url": "https://www.suse.com/security/cve/CVE-2018-18662"
},
{
"category": "external",
"summary": "SUSE Bug 1113670 for CVE-2018-18662",
"url": "https://bugzilla.suse.com/1113670"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-18662"
},
{
"cve": "CVE-2018-5686",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5686"
}
],
"notes": [
{
"category": "general",
"text": "In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5686",
"url": "https://www.suse.com/security/cve/CVE-2018-5686"
},
{
"category": "external",
"summary": "SUSE Bug 1075936 for CVE-2018-5686",
"url": "https://bugzilla.suse.com/1075936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5686"
},
{
"cve": "CVE-2018-6187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6187"
}
],
"notes": [
{
"category": "general",
"text": "In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6187",
"url": "https://www.suse.com/security/cve/CVE-2018-6187"
},
{
"category": "external",
"summary": "SUSE Bug 1077407 for CVE-2018-6187",
"url": "https://bugzilla.suse.com/1077407"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-6187"
},
{
"cve": "CVE-2018-6192",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6192"
}
],
"notes": [
{
"category": "general",
"text": "In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6192",
"url": "https://www.suse.com/security/cve/CVE-2018-6192"
},
{
"category": "external",
"summary": "SUSE Bug 1077755 for CVE-2018-6192",
"url": "https://bugzilla.suse.com/1077755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-6192"
},
{
"cve": "CVE-2018-6544",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6544"
}
],
"notes": [
{
"category": "general",
"text": "pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6544",
"url": "https://www.suse.com/security/cve/CVE-2018-6544"
},
{
"category": "external",
"summary": "SUSE Bug 1079100 for CVE-2018-6544",
"url": "https://bugzilla.suse.com/1079100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
"openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-6544"
}
]
}
fkie_cve-2017-15369
Vulnerability from fkie_nvd
Published
2017-10-16 01:29
Modified
2025-04-20 01:37
Severity ?
Summary
The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4AEC7EC-1559-463B-9A1A-0807F3C78C38",
"versionEndIncluding": "1.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document."
},
{
"lang": "es",
"value": "La funci\u00f3n build_filter_chain en pdf/pdf-stream.c en Artifex MuPDF, en versiones anteriores al 2017-09-25, gestiona de manera incorrecta un caso espec\u00edfico en el que una variable podr\u00eda encontrarse en un registro, lo que permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (uso de memoria despu\u00e9s de su liberaci\u00f3n o use-after-free de Fitz fz_drop_imp y cierre inesperado de la aplicaci\u00f3n) o, probablemente, provocar otro tipo de impacto mediante un documento PDF manipulado."
}
],
"id": "CVE-2017-15369",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-16T01:29:01.060",
"references": [
{
"source": "cve@mitre.org",
"url": "http://git.ghostscript.com/?p=mupdf.git%3Bh=c2663e51238ec8256da7fc61ad580db891d9fe9a"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=698592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.ghostscript.com/?p=mupdf.git%3Bh=c2663e51238ec8256da7fc61ad580db891d9fe9a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=698592"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…