Stack-based buffer overflow in mupdf (Alpine package)



Published: 2017-05-03
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2017-6060
CWE-ID: CWE-121
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.
Vulnerable software
mupdf (Alpine package)
Operating systems & Components / Operating system package or component

Vendor: Alpine Linux Development Team

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Stack-based buffer overflow

EUVDB-ID: #VU6922

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-6060

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: Yes

Description

Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image.

Mitigation

Install update from vendor's website.

Vulnerable software versions

mupdf (Alpine package): 1.10a-r0 - 1.10a-r2-r0

External links

http://git.alpinelinux.org/aports/commit/?id=d9c3c9c209f455ed747c905497cfdbfd57baa2c8
http://git.alpinelinux.org/aports/commit/?id=831d2ee24986330048dfa488c8bb5017656e8efd
http://git.alpinelinux.org/aports/commit/?id=4c051e672a466cabc9cb2929e26527e1a0b4f387
http://git.alpinelinux.org/aports/commit/?id=a05cd51302237e06412d14a512a51fd1092860bb
http://git.alpinelinux.org/aports/commit/?id=48776dcc01e07b1ebbf5f2ce5d2100f01db0b8bf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.


