CVE-2018-16648

{"id": "CVE-2018-16648", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2018-09-06T23:29:01.927", "references": [{"url": "https://bugs.ghostscript.com/show_bug.cgi?id=699685", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=38f883fe129a5e89306252a4676eaaf4bc968824", "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00019.html", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-129"}]}], "descriptions": [{"lang": "en", "value": "In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow."}, {"lang": "es", "value": "La funci\u00f3n fz_append_byte en fitz/buffer.c en Artifex MuPDF 1.13.0 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) mediante un archivo pdf manipulado. Esto se ha provocado por un subdesbordamiento de \u00edndice de arrays pdf_dev_alpha en pdf/pdf-device.c."}], "lastModified": "2024-09-12T17:15:03.493", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:artifex:mupdf:1.13.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59D72588-9786-4242-A86B-D084604F9E08"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}