CVE-2009-4117

Name of the Vulnerable Software and Affected Versions MuPDF versions prior to commit 20091125231942 SumatraPDF versions prior to 1.0.1

Description The issue is related to multiple stack-based buffer overflows in the pdf shade4.c file. These overflows can be triggered by remote attackers via a /Decode array for certain types of shading that are not properly handled by the pdf loadtype4shade, pdf loadtype5shade, pdf loadtype6shade, and pdf loadtype7shade functions. This can cause a denial of service and possibly allow the execution of arbitrary code.

Recommendations For MuPDF versions prior to commit 20091125231942, update to a version after commit 20091125231942 to resolve the issue. For SumatraPDF versions prior to 1.0.1, update to version 1.0.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the pdf loadtype4shade, pdf loadtype5shade, pdf loadtype6shade, and pdf loadtype7shade functions until a patch is available.