CVE-2018-1000039

In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.
Configurations

Configuration 1 (hide)

cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:*

History

15 Jul 2024, 21:15

Type Values Removed Values Added
References
  • () https://bugs.ghostscript.com/show_bug.cgi?id=698901 -

15 Jul 2024, 20:15

Type Values Removed Values Added
References
  • () https://bugs.ghostscript.com/show_bug.cgi?id=698883 -
  • () https://bugs.ghostscript.com/show_bug.cgi?id=698888 -
  • () https://bugs.ghostscript.com/show_bug.cgi?id=698891 -
  • () https://bugs.ghostscript.com/show_bug.cgi?id=698892 -

12 Jul 2024, 16:11

Type Values Removed Values Added
CVSS v2 : 6.8
v3 : 7.8
v2 : 6.8
v3 : 6.3

12 Jul 2024, 13:15

Type Values Removed Values Added
Summary (en) In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file. (en) In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.

07 Nov 2023, 02:51

Type Values Removed Values Added
References
  • {'url': 'http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=f597300439e62f5e921f0d7b1e880b5c1a1f1607;hp=093fc3b098dc5fadef5d8ad4b225db9fb124758b', 'name': 'http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=f597300439e62f5e921f0d7b1e880b5c1a1f1607;hp=093fc3b098dc5fadef5d8ad4b225db9fb124758b', 'tags': ['Patch'], 'refsource': 'CONFIRM'}
  • {'url': 'http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995', 'name': 'http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995', 'tags': ['Patch'], 'refsource': 'CONFIRM'}
  • {'url': 'http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=4dcc6affe04368461310a21238f7e1871a752a05;hp=8ec561d1bccc46e9db40a9f61310cd8b3763914e', 'name': 'http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=4dcc6affe04368461310a21238f7e1871a752a05;hp=8ec561d1bccc46e9db40a9f61310cd8b3763914e', 'tags': ['Patch'], 'refsource': 'CONFIRM'}
  • () http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=4dcc6affe04368461310a21238f7e1871a752a05%3Bhp=8ec561d1bccc46e9db40a9f61310cd8b3763914e -
  • () http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=71ceebcf56e682504da22c4035b39a2d451e8ffd%3Bhp=7f82c01523505052615492f8e220f4348ba46995 -
  • () http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=f597300439e62f5e921f0d7b1e880b5c1a1f1607%3Bhp=093fc3b098dc5fadef5d8ad4b225db9fb124758b -

Information

Published : 2018-05-24 13:29

Updated : 2024-07-15 21:15


NVD link : CVE-2018-1000039

Mitre link : CVE-2018-1000039

CVE.ORG link : CVE-2018-1000039


JSON object : View

Products Affected

artifex

  • mupdf
CWE
CWE-416

Use After Free