Floating Point Exception Vulnerability in Mupdf by Artifex Software
CVE-2021-4216

5.5MEDIUM

Key Information:

Vendor: Artifex
Status: MuPDF
Vendor: CVE Published:; 26 August 2022

Summary

A flaw exists within Mupdf that results in a floating point exception, specifically a division-by-zero error when handling zero width pages in 'muraster.c'. This issue can potentially disrupt normal application functionality, leading to a denial of service. The vulnerability has been addressed in Mupdf version 1.20.0-rc1, ensuring that users can work with zero width pages without encountering this critical implementation flaw.

Affected Version(s)

mupdf Fixed in v1.20.0-rc1

References

https://bugs.ghostscript.com/show_bug.cgi?id=704834

x_refsource_MISC

https://github.com/ArtifexSoftware/mupdf/commit/22c47acbd...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 26, 2022
Vulnerability Reserved
Jan 27, 2022