Vulnerability Name: | CVE-2017-7264 (CCN-123710) | ||||||||||||||||||||||||||||||||||||||||||||
Assigned: | 2017-03-26 | ||||||||||||||||||||||||||||||||||||||||||||
Published: | 2017-03-26 | ||||||||||||||||||||||||||||||||||||||||||||
Updated: | 2017-03-29 | ||||||||||||||||||||||||||||||||||||||||||||
Summary: | Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document. | ||||||||||||||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-416 | ||||||||||||||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||||||||||||||||||||||
References: | Source: CCN Type: Artifex Web site MuPDF Source: MITRE Type: CNA CVE-2017-7264 Source: MISC Type: Issue Tracking, Patch, Third Party Advisory http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27 Source: BID Type: UNKNOWN 97111 Source: CCN Type: BID-97111 MuPDF CVE-2017-7264 Use After Free Denial of Service Vulnerability Source: CCN Type: agostino's blog, February 09, 2017 mupdf: use-after-free in fz_subsample_pixmap (pixmap.c) Source: MISC Type: Patch, Third Party Advisory, VDB Entry https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/ Source: XF Type: UNKNOWN artifex-cve20177264-dos(123710) Source: CCN Type: WhiteSource Vulnerability Database CVE-2017-7264 | ||||||||||||||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||
BACK |