Artifex MuPDF 1.11 Release Candidate 1

CPE Details

Artifex MuPDF 1.11 Release Candidate 1
artifex
mupdf
1.11
2019-06-12
09h53 +00:00
2019-06-12
09h53 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:artifex:mupdf:1.11:rc1:*:*:*:*:*:*

Informations

Vendor

artifex

Product

mupdf

Version

1.11

Update

rc1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-4216 2022-08-26 13h25 +00:00 A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream.
5.5
Medium
CVE-2021-37220 2021-07-21 19h02 +00:00 MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool draw" input.
5.5
Medium
CVE-2020-19609 2021-07-21 12h10 +00:00 Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service.
5.5
Medium
CVE-2020-16600 2020-12-09 20h06 +00:00 A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previously freed memory instead of a newband_writer.
7.8
High
CVE-2020-26519 2020-10-02 03h34 +00:00 Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service.
5.5
Medium
CVE-2019-14975 2019-08-14 10h46 +00:00 Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string.
7.1
High
CVE-2018-1000036 2018-05-24 11h00 +00:00 In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.
5.5
Medium
CVE-2018-1000037 2018-05-24 11h00 +00:00 In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file.
5.5
Medium
CVE-2018-1000038 2018-05-24 11h00 +00:00 In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file.
7.8
High
CVE-2018-1000039 2018-05-24 11h00 +00:00 In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.
6.3
Medium
CVE-2018-1000040 2018-05-24 11h00 +00:00 In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.
5.5
Medium
CVE-2017-17866 2017-12-23 16h00 +00:00 pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document.
7.8
High
CVE-2017-15587 2017-10-18 06h00 +00:00 An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11.
7.8
High
CVE-2017-15369 2017-10-16 01h00 +00:00 The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document.
7.8
High
CVE-2017-14685 2017-09-22 04h00 +00:00 Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xps_load_links_in_glyphs in xps/xps-link.c does not verify that an xps font could be loaded.
7.8
High
CVE-2017-14686 2017-09-22 04h00 +00:00 Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers.
7.8
High
CVE-2017-14687 2017-09-22 04h00 +00:00 Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name comparisons.
7.8
High