Vulnerabilities > CVE-2017-6060 - Out-of-bounds Write vulnerability in multiple products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
artifex
debian
CWE-787
nessus
exploit available
NVD
Published: 2017-03-15
Updated: 2024-09-11

Summary

Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image.

Vulnerable Configurations

Part Description Count
Application
Artifex
1
OS
Debian
1

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionArtifex MuPDF mujstest 1.10a - Null Pointer Dereference. CVE-2017-6060. Dos exploit for Linux platform
idEDB-ID:42139
last seen2017-06-08
modified2017-02-17
published2017-02-17
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/42139/
titleArtifex MuPDF mujstest 1.10a - Null Pointer Dereference

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-9A819664A6.NASL
    descriptionSecurity fix for CVE-2017-6060 CVE-2017-5896 ---- Add comment with explanation of disabled debuginfo Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-03-08
    plugin id97591
    published2017-03-08
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97591
    titleFedora 25 : mupdf (2017-9a819664a6)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-487051AC16.NASL
    descriptionfix buffer overflow (#1425338) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-07-17
    plugin id101622
    published2017-07-17
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101622
    titleFedora 26 : mupdf (2017-487051ac16)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-3B97B275DA.NASL
    descriptionSecurity fix for CVE-2017-5896 CVE-2017-6060 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-03-24
    plugin id97925
    published2017-03-24
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97925
    titleFedora 24 : mupdf (2017-3b97b275da)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201706-08.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201706-08 (MuPDF: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MuPDF. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to process a specially crafted PDF document or image using MuPDF, possibly resulting in a Denial of Service condition or have other unspecified impact. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id100651
    published2017-06-07
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100651
    titleGLSA-201706-08 : MuPDF: Multiple vulnerabilities

References