Vulnerabilities > CVE-2021-37220 - Out-of-bounds Write vulnerability in multiple products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

artifex

fedoraproject

CWE-787

NVD

Published: 2021-07-21

Updated: 2023-11-07

Summary

MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool draw" input.

Vulnerable Configurations

Part	Description	Count
Application	Artifex Artifex Mupdf 0.6 Artifex Mupdf 0.7 Artifex Mupdf 0.8 Artifex Mupdf 0.8.15 Artifex Mupdf 0.8.165 Artifex Mupdf 0.9 Artifex Mupdf 0.9.1 Artifex Mupdf 1.0 Artifex Mupdf 1.1 Artifex Mupdf 1.2 Artifex Mupdf 1.3 Artifex Mupdf 1.4 Artifex Mupdf 1.5 Artifex Mupdf 1.6 Artifex Mupdf 1.7 Artifex Mupdf 1.7.1 Artifex Mupdf 1.7A Artifex Mupdf 1.8 Artifex Mupdf 1.8.1 Artifex Mupdf 1.9 Artifex Mupdf 1.9A Artifex Mupdf 1.10 Artifex Mupdf 1.10A Artifex Mupdf 1.11 Artifex Mupdf 1.12 Artifex Mupdf 1.12.0 Artifex Mupdf 1.13 Artifex Mupdf 1.13.0 Artifex Mupdf 1.14.0 Artifex Mupdf 1.15.0 Artifex Mupdf 1.15.1 Artifex Mupdf 1.15.2 Artifex Mupdf 1.16.0 Artifex Mupdf 1.16.1 Artifex Mupdf 1.17.0 Artifex Mupdf 1.18.0 Artifex Mupdf 1.18.1	69
OS	Fedoraproject Fedoraproject Fedora 34	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References