Vulnerability CVE-2018-16648: Information

Description

In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-16648
Published: Sept. 7, 2018
Modified: July 26, 2020
Error type identifier: CWE-129

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
mupdfsisyphus1.18.0-alt11.18.0-alt1ALT-PU-2020-3475-1263138Fixed
mupdfp101.18.0-alt11.18.0-alt1ALT-PU-2020-3475-1263138Fixed
mupdfp91.18.0-alt11.18.0-alt1ALT-PU-2020-3484-1263155Fixed
mupdfc10f11.18.0-alt11.18.0-alt1ALT-PU-2020-3475-1263138Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugs.ghostscript.com/show_bug.cgi?id=699685
  • Exploit
  • Third Party Advisory
[debian-lts-announce] 20200725 [SECURITY] [DLA 2289-1] mupdf security update

      1. Configuration 1

        cpe:2.3:a:artifex:mupdf:1.13.0:*:*:*:*:*:*:*
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.1
    Back to top