#VU6922 Stack-based buffer overflow in MuPDF
Vulnerability identifier: #VU6922
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-121
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
MuPDF
Client/Desktop applications /
Multimedia software
Vendor: Artifex Software, Inc.
Description
Stack-based buffer overflow in jstest_main.c in mujstest in Artifex
Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified
impact via a crafted image.
Mitigation
Update to version 1.11-r1.
Vulnerable software versions
MuPDF: 1.10a
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
