CVE-2021-37220

Name
CVE-2021-37220
Description
MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool draw" input.
NVD Severity
medium

References

Type    URI
MISC    https://bugs.ghostscript.com/show_bug.cgi?id=703791
MISC    http://git.ghostscript.com/?p=mupdf.git;h=f5712c9949d026e4b891b25837edd2edc166151f
FEDORA  https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TKRMREIYUBGG2GV73CU7BJNW2Q34IP23/

Match rules

CPE URI                                  Source package  Min version  Max version
cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:*  mupdf           >= None      <= 1.18.1

Vulnerable and fixed packages

Source package  Branch          Version    Maintainer                             Status
mupdf           3.14-community  1.18.0-r1  Daniel Sabogal <dsabogalcc@gmail.com>  possibly vulnerable
mupdf           3.11-main       1.16.1-r1  Daniel Sabogal <dsabogalcc@gmail.com>  possibly vulnerable