CVE-2018-1000036

Summary

CVE	CVE-2018-1000036
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2018-05-24 13:29:00 UTC
Updated	2021-12-14 21:46:00 UTC
Description	In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.

Risk And Classification

Problem Types: CWE-772

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Artifex	Mupdf	All	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All

References

Reference	Source	Link	Tags
MuPDF: Multiple vulnerabilities (GLSA 201811-15) — Gentoo security	GENTOO	security.gentoo.org	Third Party Advisory
[SECURITY] [DLA 2765-1] mupdf security update	MLIST	lists.debian.org
5502 - mupdf/pdf_fuzzer: Direct-leak in do_scavenging_malloc - oss-fuzz - Monorail	MISC	bugs.chromium.org	Exploit, Issue Tracking, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

178807 Debian Security Update for mupdf (DLA 2765-1)
710282 Gentoo Linux MuPDF Multiple Vulnerabilities (GLSA 201811-15)