Out-of-Bounds Read Vulnerability in Artifex MuPDF Software
CVE-2018-18662

5.5MEDIUM

Key Information:

Vendor: Artifex
Status: MuPDF
Vendor: CVE Published:; 26 October 2018

What is CVE-2018-18662?

An out-of-bounds read vulnerability exists in the MuPDF library, specifically in the function fz_run_t3_glyph within fitz/font.c. This flaw could be exploited under certain conditions by crafted PDF documents, enabling an attacker to access portions of memory outside the intended bounds, potentially leading to information disclosure or application instability. Users of MuPDF version 1.14.0 should apply the necessary security updates to mitigate associated risks.

References

http://www.securityfocus.com/bid/105755

vdb-entry

https://bugs.ghostscript.com/show_bug.cgi?id=700043

https://github.com/TeamSeri0us/pocs/tree/master/mupdf

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 26, 2018
Vulnerability Reserved
Oct 26, 2018