Vulnerabilities > CVE-2020-19609 - Out-of-bounds Write vulnerability in multiple products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

artifex

debian

CWE-787

NVD

Published: 2021-07-21

Updated: 2023-11-07

Summary

Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service.

Vulnerable Configurations

Part	Description	Count
Application	Artifex Artifex Mupdf 0.6 Artifex Mupdf 0.7 Artifex Mupdf 0.8 Artifex Mupdf 0.8.15 Artifex Mupdf 0.8.165 Artifex Mupdf 0.9 Artifex Mupdf 0.9.1 Artifex Mupdf 1.0 Artifex Mupdf 1.1 Artifex Mupdf 1.2 Artifex Mupdf 1.3 Artifex Mupdf 1.4 Artifex Mupdf 1.5 Artifex Mupdf 1.6 Artifex Mupdf 1.7 Artifex Mupdf 1.7.1 Artifex Mupdf 1.7A Artifex Mupdf 1.8 Artifex Mupdf 1.8.1 Artifex Mupdf 1.9 Artifex Mupdf 1.9A Artifex Mupdf 1.10 Artifex Mupdf 1.10A Artifex Mupdf 1.11 Artifex Mupdf 1.12 Artifex Mupdf 1.12.0 Artifex Mupdf 1.13 Artifex Mupdf 1.13.0 Artifex Mupdf 1.14.0 Artifex Mupdf 1.15.0 Artifex Mupdf 1.15.1 Artifex Mupdf 1.15.2 Artifex Mupdf 1.16.0 Artifex Mupdf 1.16.1 Artifex Mupdf 1.17.0	66
OS	Debian Debian Debian Linux 9.0	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References