Heap-Based Buffer Overflow in MuPDF by Artifex Software
CVE-2019-13290
7.8 HIGH
What is CVE-2019-13290?
Artifex MuPDF version 1.15.0 is vulnerable to a heap-based buffer overflow in the function fz_append_display_node, found in fitz/list-device.c. The flaw is triggered by a specially crafted PDF file that contains a large BDC property name. When the file is processed, this oversized input causes the allocated size of a display list node to overflow, potentially enabling remote attackers to execute arbitrary code.
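The bug class described above, shown as an added example that is not MuPDF's code: a node whose length is stored in a narrow size field, and an append routine that rejects a name too large for that field instead of letting the recorded size wrap. The struct layout, the 9-bit field width, the list capacity and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified model, NOT MuPDF's fz_display_node. The 9-bit width of the
 * size field and the 1024-word list are assumptions for illustration. */
#define SIZE_BITS 9
#define SIZE_MAX_WORDS ((1u << SIZE_BITS) - 1)   /* 511 words */
#define LIST_WORDS 1024

typedef struct {
    unsigned int cmd  : 5;
    unsigned int size : SIZE_BITS;   /* node length in 4-byte words */
} node_hdr;

typedef struct { uint32_t words[LIST_WORDS]; size_t used; } display_list;

/* Header word plus the NUL-terminated name rounded up to whole words. */
static size_t node_words_needed(size_t name_len)
{
    return 1 + (name_len + 1 + 3) / 4;
}

/* Value the narrow field would hold if the length were stored unchecked:
 * unsigned bit-field assignment silently reduces it modulo 2^SIZE_BITS. */
static unsigned int truncated_size(size_t name_len)
{
    node_hdr h = {0};
    h.size = (unsigned int)node_words_needed(name_len);
    return h.size;
}

/* Checked append: 0 on success, -1 if the name cannot be represented
 * in the size field or does not fit in the remaining list space. */
static int append_name_node(display_list *dl, unsigned int cmd,
                            const char *name, size_t name_len)
{
    if (name_len >= (SIZE_MAX_WORDS - 1) * 4)    /* also avoids size_t wrap */
        return -1;
    size_t need = node_words_needed(name_len);
    if (need > LIST_WORDS - dl->used)
        return -1;
    node_hdr h = { .cmd = cmd & 31u, .size = (unsigned int)need };
    uint32_t *node = &dl->words[dl->used];
    memset(node, 0, need * 4);                   /* zero padding and NUL */
    memcpy(node, &h, sizeof h);
    memcpy(node + 1, name, name_len);
    dl->used += need;
    return 0;
}
```

In this model a 4000-byte name needs 1002 words but an unchecked store would record 490, so the recorded node size and the bytes actually copied would disagree; the check makes the oversized name an error before anything is written.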