PT-2023-9300 · Mupdf+4 · Mupdf+4
Sebastian Rasmussen
·
Published
2023-12-26
·
Updated
2025-11-25
·
CVE-2023-51105
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
MuPDF version 1.23.4
Description
A floating point exception vulnerability was discovered in the
bmp decompress rle4() function of MuPDF, related to a divide-by-zero error. This issue may allow a remote attacker to cause a denial of service.Recommendations
For MuPDF version 1.23.4, consider disabling the
bmp decompress rle4() function as a temporary workaround until a patch is available. Restrict access to the load-bmp.c module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Divide By Zero
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Linuxmint
Mupdf
Red Os
Ubuntu