Vulnerabilities > CVE-2019-7321 - Use of Uninitialized Resource vulnerability in Artifex Mupdf 1.14.0

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

artifex

CWE-908

critical

NVD

Published: 2019-06-13

Updated: 2024-09-11

Summary

Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code.

Vulnerable Configurations

Part	Description	Count
Application	Artifex Artifex Mupdf 1.14.0	1

Common Weakness Enumeration (CWE)

CWE-908 - Use of Uninitialized Resource

References

https://github.com/ereisr00/bagofbugz/tree/master/MuPDF/700560
https://bugs.ghostscript.com/show_bug.cgi?id=700560
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=2be83b57e77938fddbb06bdffb11979ad89a9c7d