Heap Out of Bounds Write Vulnerability in MuPDF Renderer
CVE-2016-8728

8.6 HIGH

Key Information:

CVE Published: 24 April 2018

What is CVE-2016-8728?

A heap out-of-bounds write vulnerability in the Fitz graphics library of the MuPDF renderer can be triggered by a specially crafted PDF file. Opening such a file in a vulnerable version of MuPDF can corrupt heap metadata and sensitive process memory, potentially allowing arbitrary code execution. Users are advised to avoid opening untrusted PDF documents to mitigate the risk from this vulnerability.

Affected Version(s)

MuPDF 1.10-rc1

CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
