CVE-2018-19882

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Artifex MuPDF version 1.14.0

Description The issue allows remote attackers to cause a denial of service, resulting in an application crash, via a crafted svg file. This is due to a NULL pointer dereference in the svg run image function.

Recommendations For Artifex MuPDF version 1.14.0, consider avoiding the use of crafted svg files until a patch is available. As a temporary workaround, restrict the processing of svg files to minimize the risk of exploitation.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

CVE-2018-19882

Affected Products

Artifex Mupdf

CVE-2018-19882

Weakness Enumeration

Related Identifiers

Affected Products

References · 12