CVE-2016-8674

Опубликовано: 15 фев. 2017

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Низкий

Описание

The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file.

Ссылки

http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=1e03c06456d997435019fb3526fa2d4be7dbc6ec
http://www.debian.org/security/2017/dsa-3797
http://www.openwall.com/lists/oss-security/2016/10/16/8
Mailing List
Patch
Third Party Advisory
http://www.securityfocus.com/bid/93127
Third Party Advisory
VDB Entry
https://blogs.gentoo.org/ago/2016/09/22/mupdf-use-after-free-in-pdf_to_num-pdf-object-c/
Patch
Third Party Advisory
VDB Entry
https://bugs.ghostscript.com/show_bug.cgi?id=697015
Issue Tracking
Patch
https://bugs.ghostscript.com/show_bug.cgi?id=697019
Issue Tracking
Patch
https://bugzilla.redhat.com/show_bug.cgi?id=1385685
Issue Tracking
Patch
http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=1e03c06456d997435019fb3526fa2d4be7dbc6ec
http://www.debian.org/security/2017/dsa-3797
http://www.openwall.com/lists/oss-security/2016/10/16/8
Mailing List
Patch
Third Party Advisory
http://www.securityfocus.com/bid/93127
Third Party Advisory
VDB Entry
https://blogs.gentoo.org/ago/2016/09/22/mupdf-use-after-free-in-pdf_to_num-pdf-object-c/
Patch
Third Party Advisory
VDB Entry
https://bugs.ghostscript.com/show_bug.cgi?id=697015
Issue Tracking
Patch
https://bugs.ghostscript.com/show_bug.cgi?id=697019
Issue Tracking
Patch
https://bugzilla.redhat.com/show_bug.cgi?id=1385685
Issue Tracking
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:*

Версия до 1.9a (включая)

EPSS

Процентиль: 45%

0.00225

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-416

Связанные уязвимости

CVE-2016-8674

CVSS3: 5.5

ubuntu

почти 9 лет назад

The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file.

CVE-2016-8674

CVSS3: 5.5

debian

почти 9 лет назад

The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows re ...

GHSA-pcg9-j72p-9gjp

CVSS3: 5.5

github

больше 3 лет назад

The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file.

EPSS

Процентиль: 45%

0.00225

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-416