Vulnerability Name:

CVE-2014-2013 (CCN-90637)

Assigned:2014-01-20
Published:2014-01-20
Updated:2017-12-29
Summary:Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Bugzilla Bug 694957
Stack-Based Buffer Overflow in xps_parse_color()

Source: CONFIRM
Type: Exploit
http://bugs.ghostscript.com/show_bug.cgi?id=694957

Source: MITRE
Type: CNA
CVE-2014-2013

Source: CONFIRM
Type: UNKNOWN
http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=60dabde18d7fe12b19da8b509bdfee9cc886aafc

Source: CCN
Type: MuPDF GIT Repository Web Site
MuPDF GIT Repository

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2014:0309

Source: FULLDISC
Type: UNKNOWN
20140120 0day - MuPDF Stack-based Buffer Overflow in xps_parse_color()

Source: MLIST
Type: UNKNOWN
[oss-security] 20140218 Re: CVE request: MuPDF Stack-based Buffer Overflow in xps_parse_color()

Source: CCN
Type: SA56538
MuPDF XPS Parsing "xps_parse_color()" Buffer Overflow Vulnerability

Source: SECUNIA
Type: UNKNOWN
58904

Source: DEBIAN
Type: UNKNOWN
DSA-2951

Source: EXPLOIT-DB
Type: Exploit
31090

Source: MISC
Type: Exploit
http://www.hdwsec.fr/blog/mupdf.html

Source: CCN
Type: MuPDF Web Site
MuPDF

Source: OSVDB
Type: UNKNOWN
102340

Source: BID
Type: UNKNOWN
65036

Source: CCN
Type: BID-65036
MuPDF 'xps_parse_color()' Function Stack Buffer Overflow Vulnerability

Source: XF
Type: UNKNOWN
mupdf-xpsparsecolor-bo(90637)

Source: CCN
Type: Packet Storm Security [01-21-2014]
MuPDF 1.3 Buffer Overflow

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [01-20-2014]

Vulnerable Configuration:Configuration 1:
  • cpe:/a:artifex:mupdf:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:artifex:mupdf:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:artifex:mupdf:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:artifex:mupdf:*:*:*:*:*:*:*:* (Version <= 1.3)

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20142013
    V
    		CVE-2014-2013
    2017-03-01
    oval:org.mitre.oval:def:24529
    P
    		DSA-2951-1 mupdf - security update
    2014-07-21
    oval:com.ubuntu.precise:def:20142013000
    V
    		CVE-2014-2013 on Ubuntu 12.04 LTS (precise) - medium.
    2014-03-03
    oval:com.ubuntu.trusty:def:20142013000
    V
    		CVE-2014-2013 on Ubuntu 14.04 LTS (trusty) - medium.
    2014-03-03
    oval:com.ubuntu.xenial:def:201420130000000
    V
    		CVE-2014-2013 on Ubuntu 16.04 LTS (xenial) - medium.
    2014-03-03
    oval:com.ubuntu.xenial:def:20142013000
    V
    		CVE-2014-2013 on Ubuntu 16.04 LTS (xenial) - medium.
    2014-03-03
    BACK
    artifex mupdf 1.0
    artifex mupdf 1.1
    artifex mupdf 1.2
    artifex mupdf *