CVE-2018-1000037
Severity CVSS v4.0: Pending analysis
Type: CWE-20 (Input Validation)
Publication date: 24/05/2018
Last modified: 01/08/2024
Description
In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file.
Impact
Base Score 3.x: 5.50
Severity 3.x: MEDIUM
Base Score 2.0: 4.30
Severity 2.0: MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:* | 1.12.0 (including) | |
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://git.ghostscript.com/?p=mupdf.git%3Ba%3Dcommitdiff%3Bh%3D71ceebcf56e682504da22c4035b39a2d451e8ffd%3Bhp%3D7f82c01523505052615492f8e220f4348ba46995
- http://git.ghostscript.com/?p=mupdf.git%3Ba%3Dcommitdiff%3Bh%3D8a3257b01faa899dd9b5e35c6bb3403cd709c371%3Bhp%3Dde39f005f12a1afc6973c1f5cec362d6545f70cb
- http://git.ghostscript.com/?p=mupdf.git%3Ba%3Dcommitdiff%3Bh%3Db2e7d38e845c7d4922d05e6e41f3a2dc1bc1b14a%3Bhp%3Df51836b9732c38d945b87fda0770009a77ba680c
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5490
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5501
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5503
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5511
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5564
- https://bugs.ghostscript.com/show_bug.cgi?id=698882
- https://bugs.ghostscript.com/show_bug.cgi?id=698886
- https://bugs.ghostscript.com/show_bug.cgi?id=698888
- https://bugs.ghostscript.com/show_bug.cgi?id=698890
- https://security.gentoo.org/glsa/201811-15
- https://www.debian.org/security/2018/dsa-4334