Vulnerabilities > CVE-2018-1000039 - Use After Free vulnerability in Artifex Mupdf

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
artifex
CWE-416
nessus
NVD
Published: 2018-05-24
Updated: 2023-11-07

Summary

In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.

Vulnerable Configurations

Part Description Count
Application
Artifex
51

Common Weakness Enumeration (CWE)

Nessus

NASL familyGentoo Local Security Checks
NASL idGENTOO_GLSA-201811-15.NASL
descriptionThe remote host is affected by the vulnerability described in GLSA-201811-15 (MuPDF: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MuPDF. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, by enticing a user to process a specially crafted file, could possibly execute arbitrary code, cause a Denial of Service condition, or have other unspecified impacts. Workaround : There is no known workaround at this time.
last seen2020-06-01
modified2020-06-02
plugin id119160
published2018-11-27
reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/119160
titleGLSA-201811-15 : MuPDF: Multiple vulnerabilities

References