CVE-2019-14975

7.1HIGH

Key Information

Vendor: Artifex
Status: MuPDF
Vendor: CVE Published:; 14 August 2019

Summary

Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string.

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published.
Aug 14, 2019
Vulnerability Reserved.
Aug 12, 2019

Collectors

NVD DatabaseMitre Database