Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2017-6060 |
CWE-ID | CWE-121 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software | mupdf (Alpine package): Operating systems & Components / Operating system package or component |
Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU6922
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-6060
CWE-ID: CWE-121 - Stack-based buffer overflow
Exploit availability: Yes
Description: Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image.
Mitigation: Install update from vendor's website.
Vulnerable software versions: mupdf (Alpine package): 1.10a-r0 - 1.10a-r2-r0
External links:
http://git.alpinelinux.org/aports/commit/?id=d9c3c9c209f455ed747c905497cfdbfd57baa2c8
http://git.alpinelinux.org/aports/commit/?id=831d2ee24986330048dfa488c8bb5017656e8efd
http://git.alpinelinux.org/aports/commit/?id=4c051e672a466cabc9cb2929e26527e1a0b4f387
http://git.alpinelinux.org/aports/commit/?id=a05cd51302237e06412d14a512a51fd1092860bb
http://git.alpinelinux.org/aports/commit/?id=48776dcc01e07b1ebbf5f2ce5d2100f01db0b8bf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.