Wanglin

**Name of the Vulnerable Software and Affected Versions** Artifex GSView version 6.0 Beta **Description** The issue allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Possible Stack Corruption starting at KERNELBASE!RaiseException+0x0000000000000068." **Recommendations** For Artifex GSView version 6.0 Beta, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Artifex GSView version 6.0 Beta **Description** The issue allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file. This is related to "Data from Faulting Address controls Branch Selection starting at mupdfnet64!mIncrementalSaveFile+0x000000000000344e." **Recommendations** For Artifex GSView version 6.0 Beta, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Artifex GSView version 6.0 Beta **Description** The issue allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at mupdfnet64!mIncrementalSaveFile+0x0000000000193359." **Recommendations** For Artifex GSView version 6.0 Beta, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Artifex MuPDF version 1.11 **Description** The issue allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file. This is related to a "User Mode Write AV near NULL" error on Windows, specifically at wow64!Wow64NotifyDebugger+0x000000000000001d. The problem arises because the `read zip dir imp` function in `fitz/unzip.c` does not check whether size fields in a ZIP entry are negative numbers. **Recommendations** For Artifex MuPDF version 1.11, consider restricting the processing of .xps files until a patch is available. As a temporary workaround, avoid using the `read zip dir imp` function in `fitz/unzip.c` for handling ZIP entries with potentially negative size fields.