Vulnerabilities > CVE-2017-7264 - Use After Free vulnerability in Artifex Mupdf 1.10A

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

artifex

CWE-416

NVD

Published: 2017-03-26

Updated: 2023-11-07

Summary

Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document.

Vulnerable Configurations

Part	Description	Count
Application	Artifex Artifex Mupdf 1.10A	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/
http://www.securityfocus.com/bid/97111
http://git.ghostscript.com/?p=mupdf.git%3Bh=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27