CVE-2017-14686

Name of the Vulnerable Software and Affected Versions Artifex MuPDF version 1.11

Description The issue allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file. This is related to a "User Mode Write AV near NULL" error on Windows, specifically at wow64!Wow64NotifyDebugger+0x000000000000001d. The problem arises because the read zip dir imp function in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers.

Recommendations For Artifex MuPDF version 1.11, consider restricting the processing of .xps files until a patch is available. As a temporary workaround, avoid using the read zip dir imp function in fitz/unzip.c for handling ZIP entries with potentially negative size fields.