Vulnerability Name: | CVE-2018-1000037 (CCN-143779) | ||||||||||||||||||||||||||||||||||||||||
Assigned: | 2018-01-24 | ||||||||||||||||||||||||||||||||||||||||
Published: | 2018-01-24 | ||||||||||||||||||||||||||||||||||||||||
Updated: | 2019-03-14 | ||||||||||||||||||||||||||||||||||||||||
Summary: | In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file. | ||||||||||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) 4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
| ||||||||||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-20 | ||||||||||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2018-1000037 Source: CONFIRM Type: Patch http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995 Source: CCN Type: mupdf GIT Repository Fix 698886: Don't try to load non-stream XObjects. Source: CONFIRM Type: Patch http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=8a3257b01faa899dd9b5e35c6bb3403cd709c371;hp=de39f005f12a1afc6973c1f5cec362d6545f70cb Source: CONFIRM Type: Patch http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=b2e7d38e845c7d4922d05e6e41f3a2dc1bc1b14a;hp=f51836b9732c38d945b87fda0770009a77ba680c Source: MISC Type: Exploit, Issue Tracking, Third Party Advisory https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5490 Source: MISC Type: Exploit, Issue Tracking, Patch, Third Party Advisory https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5501 Source: MISC Type: Exploit, Issue Tracking, Patch, Third Party Advisory https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5503 Source: MISC Type: Exploit, Issue Tracking, Third Party Advisory https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5511 Source: MISC Type: Exploit, Issue Tracking, Third Party Advisory https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5564 Source: XF Type: UNKNOWN mupdf-cve20181000037-dos(143779) Source: GENTOO Type: Third Party Advisory GLSA-201811-15 Source: DEBIAN Type: Third Party Advisory DSA-4334 Source: CCN Type: WhiteSource Vulnerability Database CVE-2018-1000037 | ||||||||||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||
BACK |