CVE-2016-6265

Published on: 09/22/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:12 PM UTC

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Certain versions of MuPDF from Artifex contain the following vulnerability:

Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

  • CVE-2016-6265 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 5.5 - MEDIUM

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

CVSS2 Score: 4.3 - MEDIUM

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL

CVE References

  • MuPDF: Multiple vulnerabilities (GLSA 201702-12) — Gentoo Security
    Link: security.gentoo.org (text/html), GENTOO GLSA-201702-12
  • Bug 696941 – mupdf use after free
    Tags: Exploit, Patch
    Link: bugs.ghostscript.com (text/html), CONFIRM bugs.ghostscript.com/show_bug.cgi?id=696941
  • openSUSE-SU-2016:1926-1: moderate: Security update for mupdf
    Tags: Third Party Advisory
    Link: lists.opensuse.org (text/html), SUSE openSUSE-SU-2016:1926
  • git.ghostscript.com Git - mupdf.git/commit
    Tags: Patch
    Link: git.ghostscript.com (text/xml), CONFIRM git.ghostscript.com/?p=mupdf.git;h=fa1936405b6a84e5c9bb440912c23d532772f958
  • oss-security - Re: mupdf library use after free
    Tags: Exploit
    Link: www.openwall.com (text/html), MLIST [oss-security] 20160721 Re: mupdf library use after free
  • MuPDF CVE-2016-6265 Use After Free Denial of Service Vulnerability
    Tags: Third Party Advisory
    Link: cve.report (archive) (text/html), BID 92071
  • Debian -- Security Information -- DSA-3655-1 mupdf
    Link: www.debian.org (Deprecated Link, text/html), DEBIAN DSA-3655

Known Affected Configurations (CPE V2.3)

  • Type: Application; Vendor: Artifex; Product: Mupdf; Version: All; Update: All; Edition: All; Language: All
  • Type: Operating System; Vendor: Opensuse; Product: Leap; Version: 42.1; Update: All; Edition: All; Language: All
  • Type: Operating System; Vendor: Opensuse; Product: Opensuse; Version: 13.2; Update: All; Edition: All; Language: All

  • cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*