#VU6921 Null pointer dereference in MuPDF


Published: 2020-04-07

Vulnerability identifier: #VU6921

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-5991

CWE-ID: CWE-476

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
MuPDF
Client/Desktop applications / Multimedia software

Vendor: Artifex Software, Inc.

Description
An issue was discovered in Artifex Software, Inc. MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation.

Mitigation
Update to version 1.11-r1.

Vulnerable software versions

MuPDF: 1.10a



Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

