CVE-2017-14687

Name of the Vulnerable Software and Affected Versions Artifex MuPDF version 1.11

Description The issue allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file. This occurs because of mishandling of XML tag name comparisons, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows.

Recommendations For Artifex MuPDF version 1.11, consider avoiding the use of crafted .xps files until a patch is available. As a temporary workaround, restrict the processing of .xps files to minimize the risk of exploitation.