PT-2017-7818 · Artifex · Mupdf
Kamil Frankowicz
·
Published
2017-04-03
·
Updated
2024-09-16
·
CVE-2016-10221
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
MuPDF version 1.10a
Description
The issue allows remote attackers to cause a denial of service, resulting in stack consumption and application crash, via a crafted PDF document. This is due to a problem in the
count entries function in pdf-layer.c.Recommendations
For MuPDF version 1.10a, consider disabling the
count entries function in pdf-layer.c as a temporary workaround until a patch is available. Restrict the processing of crafted PDF documents to minimize the risk of exploitation.Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mupdf