Artifex MuPDf Memory Corruption and Stack Buffer Overflow Vulnerabilities
BID:106558
CVE-2019-6130 | CVE-2019-6131 |Info
Artifex MuPDf Memory Corruption and Stack Buffer Overflow Vulnerabilities
| Bugtraq ID: | 106558 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2019-6130 CVE-2019-6131 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 11 2019 12:00AM |
| Updated: | Jan 11 2019 12:00AM |
| Credit: | zerokeeper. |
| Vulnerable: |
Artifex Mupdf 1.14 |
| Not Vulnerable: | |
Discussion
Artifex MuPDf Memory Corruption and Stack Buffer Overflow Vulnerabilities
Artifex MuPDf is prone to the following vulnerabilities:
1. A memory corruption vulnerability.
2. A stack-based buffer-overflow vulnerability
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions.
Artifex MuPDf version 1.14.0 is vulnerable.
Artifex MuPDf is prone to the following vulnerabilities:
1. A memory corruption vulnerability.
2. A stack-based buffer-overflow vulnerability
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions.
Artifex MuPDf version 1.14.0 is vulnerable.
Exploit / POC
Artifex MuPDf Memory Corruption and Stack Buffer Overflow Vulnerabilities
The researcher has created a proof-of-concepts to demonstrate these issues. Please see the references for more information.
The researcher has created a proof-of-concepts to demonstrate these issues. Please see the references for more information.
References
Artifex MuPDf Memory Corruption and Stack Buffer Overflow Vulnerabilities
References:
References:
- Artifex MuPDF Product Page (Artifex Software)
- MuPDF Homepage (MuPDF)
- Bugzilla �?? Bug 700442 stack overflow in svg_run_element (Ghostscript)
- Bugzilla �?? Bug 700446 SEGV in fz_load_page (Ghostscript)