Heap Based Buffer Overflow in Artifex MuPDF Affected by JBIG2 Parsing
CVE-2020-26519

5.5MEDIUM

Key Information:

Vendor

Artifex
Status
MuPDF
Vendor
CVE Published:
2 October 2020

What is CVE-2020-26519?

Artifex MuPDF prior to version 1.18.0 contains a vulnerability that allows an attacker to exploit heap-based buffer over-writes during the parsing of JBIG2 files. This can lead to a denial of service, potentially compromising the functionality of applications relying on this PDF rendering library. Users of affected versions are urged to update to the latest version to mitigate risks.

References

https://bugs.ghostscript.com/show_bug.cgi?id=702937
x_refsource_MISC
http://git.ghostscript.com/?p=mupdf.git%3Ba=commit%3Bh=af...
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.