CVE-2017-5896

Name
CVE-2017-5896
Description
Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
cve@mitre.org http://git.ghostscript.com/?p=mupdf.git%3Bh=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27
cve@mitre.org http://www.debian.org/security/2017/dsa-3797
Mailing List http://www.openwall.com/lists/oss-security/2017/02/06/3
Mailing List http://www.openwall.com/lists/oss-security/2017/02/07/1
Third Party Advisory http://www.securityfocus.com/bid/96139
Issue Tracking https://bugs.ghostscript.com/show_bug.cgi?id=697515
cve@mitre.org https://security.gentoo.org/glsa/201702-12

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:* mupdf >= None <= 1.10

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
mupdf edge-community 1.10a-r1 None fixed
mupdf 3.22-community 1.10a-r1 None fixed
mupdf 3.21-community 1.10a-r1 None fixed
mupdf 3.20-community 1.10a-r1 None fixed
mupdf 3.19-community 1.10a-r1 None fixed
mupdf 3.18-community 1.10a-r1 None fixed
mupdf 3.17-community 1.10a-r1 None fixed
mupdf 3.11-main 1.10a-r1 None fixed
mupdf 3.10-main 1.10a-r1 None fixed