Floating Point Exception in Artifex MuPDF Affects Multiple Versions
CVE-2023-51105

7.5HIGH

Key Information:

Vendor: Artifex
Status: MuPDF
Vendor: CVE Published:; 26 December 2023

What is CVE-2023-51105?

Artifex MuPDF version 1.23.4 has a vulnerability in the function bmp_decompress_rle4() within load-bmp.c, which may lead to a floating point exception (divide-by-zero). This issue can cause unexpected behavior in applications utilizing this library, potentially leading to system crashes or other instabilities. Users are advised to evaluate their use of affected versions and apply security patches as needed to mitigate risks.

References

https://github.com/dongyuma/sox-defects/blob/main/mupdf-d...

http://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/co...

https://bugs.ghostscript.com/show_bug.cgi?id=707622

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 26, 2023
Vulnerability Reserved
Dec 18, 2023