CVE-2020-16600

Summary

CVE	CVE-2020-16600
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-12-09 21:15:00 UTC
Updated	2023-11-07 03:18:00 UTC
Description	A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previously freed memory instead of a newband_writer.

Risk And Classification

Problem Types: CWE-416

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Artifex	Mupdf	1.17.0	rc1	All	All
Application	Artifex	Mupdf	1.17.0	rc1	All	All
Application	Artifex	Mupdf	All	All	All	All

References

Reference	Source	Link	Tags
git.ghostscript.com Git - mupdf.git/commit		git.ghostscript.com
git.ghostscript.com Git - mupdf.git/commit	MISC	git.ghostscript.com	Patch, Third Party Advisory
702253 – Use After Free in fz_drop_band_writer	MISC	bugs.ghostscript.com	Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

751225 OpenSUSE Security Update for mupdf (openSUSE-SU-2021:1341-1)