Memory Corruption Vulnerability in MuPDF by Artifex Software
CVE-2021-3407

5.5MEDIUM

Key Information:

Vendor
Artifex
Status
MuPDF
Vendor
CVE Published:
23 February 2021

Summary

A flaw has been identified in MuPDF version 1.18.0, where a double free of an object during the process of linearization can lead to memory corruption. This vulnerability poses significant risks as it may allow attackers to manipulate memory and potentially execute arbitrary code. Users are advised to update to the latest version to mitigate these risks and ensure system integrity. Comprehensive evaluation of security practices and regular software updates are crucial to safeguard against this type of vulnerability.

Affected Version(s)

mupdf mupdf 1.18.0

References

http://git.ghostscript.com/?p=mupdf.git%3Bh=cee7cefc610d4...
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.