Vulnerability CVE-2019-14975: Information

Description

Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string.

Severity: HIGH (7.1) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-14975
Published: Aug. 14, 2019
Modified: Nov. 7, 2023
Error type identifier: CWE-125

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
mupdfsisyphus1.18.0-alt11.18.0-alt1ALT-PU-2020-3475-1263138Fixed
mupdfp101.18.0-alt11.18.0-alt1ALT-PU-2020-3475-1263138Fixed
mupdfp91.18.0-alt11.18.0-alt1ALT-PU-2020-3484-1263155Fixed
mupdfc10f11.18.0-alt11.18.0-alt1ALT-PU-2020-3475-1263138Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugs.ghostscript.com/show_bug.cgi?id=701292
  • Exploit
  • Third Party Advisory
http://git.ghostscript.com/?p=mupdf.git%3Ba=commit%3Bh=97096297d409ec6f206298444ba00719607e8ba8

      1. Configuration 1

        cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:*
        End excliding
        1.16.0
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.4.2
    Back to top