cvelistv5 - cve-2017-15369

CVE-2017-15369 (GCVE-0-2017-15369)

Vulnerability from cvelistv5 – Published: 2017-10-16 01:00 – Updated: 2024-09-17 01:35

Summary

The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

OPENSUSE-SU-2024:11068-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

mupdf-1.18.0-1.7 on GA media

Notes

Title of the patch

mupdf-1.18.0-1.7 on GA media

Description of the patch

These are all security issues fixed in the mupdf-1.18.0-1.7 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-11068

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "mupdf-1.18.0-1.7 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the mupdf-1.18.0-1.7 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-11068",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11068-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-10132 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-10132/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-10141 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-10141/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-10221 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-10221/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-8729 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-8729/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-15369 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-15369/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-17858 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-17858/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-5627 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-5627/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-5628 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-5628/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-5896 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-5896/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7976 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7976/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-1000051 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-1000051/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-16647 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-16647/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-16648 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-16648/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-18662 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-18662/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-5686 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-5686/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-6187 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-6187/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-6192 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-6192/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-6544 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-6544/"
      }
    ],
    "title": "mupdf-1.18.0-1.7 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:11068-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mupdf-1.18.0-1.7.aarch64",
                "product": {
                  "name": "mupdf-1.18.0-1.7.aarch64",
                  "product_id": "mupdf-1.18.0-1.7.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "mupdf-devel-static-1.18.0-1.7.aarch64",
                "product": {
                  "name": "mupdf-devel-static-1.18.0-1.7.aarch64",
                  "product_id": "mupdf-devel-static-1.18.0-1.7.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mupdf-1.18.0-1.7.ppc64le",
                "product": {
                  "name": "mupdf-1.18.0-1.7.ppc64le",
                  "product_id": "mupdf-1.18.0-1.7.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "mupdf-devel-static-1.18.0-1.7.ppc64le",
                "product": {
                  "name": "mupdf-devel-static-1.18.0-1.7.ppc64le",
                  "product_id": "mupdf-devel-static-1.18.0-1.7.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mupdf-1.18.0-1.7.s390x",
                "product": {
                  "name": "mupdf-1.18.0-1.7.s390x",
                  "product_id": "mupdf-1.18.0-1.7.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "mupdf-devel-static-1.18.0-1.7.s390x",
                "product": {
                  "name": "mupdf-devel-static-1.18.0-1.7.s390x",
                  "product_id": "mupdf-devel-static-1.18.0-1.7.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mupdf-1.18.0-1.7.x86_64",
                "product": {
                  "name": "mupdf-1.18.0-1.7.x86_64",
                  "product_id": "mupdf-1.18.0-1.7.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "mupdf-devel-static-1.18.0-1.7.x86_64",
                "product": {
                  "name": "mupdf-devel-static-1.18.0-1.7.x86_64",
                  "product_id": "mupdf-devel-static-1.18.0-1.7.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mupdf-1.18.0-1.7.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64"
        },
        "product_reference": "mupdf-1.18.0-1.7.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mupdf-1.18.0-1.7.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le"
        },
        "product_reference": "mupdf-1.18.0-1.7.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mupdf-1.18.0-1.7.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x"
        },
        "product_reference": "mupdf-1.18.0-1.7.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mupdf-1.18.0-1.7.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64"
        },
        "product_reference": "mupdf-1.18.0-1.7.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mupdf-devel-static-1.18.0-1.7.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64"
        },
        "product_reference": "mupdf-devel-static-1.18.0-1.7.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mupdf-devel-static-1.18.0-1.7.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le"
        },
        "product_reference": "mupdf-devel-static-1.18.0-1.7.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mupdf-devel-static-1.18.0-1.7.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x"
        },
        "product_reference": "mupdf-devel-static-1.18.0-1.7.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mupdf-devel-static-1.18.0-1.7.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
        },
        "product_reference": "mupdf-devel-static-1.18.0-1.7.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-10132",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-10132"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-10132",
          "url": "https://www.suse.com/security/cve/CVE-2016-10132"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1019877 for CVE-2016-10132",
          "url": "https://bugzilla.suse.com/1019877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2016-10132"
    },
    {
      "cve": "CVE-2016-10141",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-10141"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS before fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045. The attack requires a regular expression with nested repetition. A successful exploitation of this issue can lead to code execution or a denial of service (buffer overflow) condition.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-10141",
          "url": "https://www.suse.com/security/cve/CVE-2016-10141"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1019877 for CVE-2016-10141",
          "url": "https://bugzilla.suse.com/1019877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2016-10141"
    },
    {
      "cve": "CVE-2016-10221",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-10221"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted PDF document.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-10221",
          "url": "https://www.suse.com/security/cve/CVE-2016-10221"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1032140 for CVE-2016-10221",
          "url": "https://bugzilla.suse.com/1032140"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-10221"
    },
    {
      "cve": "CVE-2016-8729",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-8729"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send to the victim to trigger this vulnerability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-8729",
          "url": "https://www.suse.com/security/cve/CVE-2016-8729"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1039850 for CVE-2016-8729",
          "url": "https://bugzilla.suse.com/1039850"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1039931 for CVE-2016-8729",
          "url": "https://bugzilla.suse.com/1039931"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2016-8729"
    },
    {
      "cve": "CVE-2017-15369",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-15369"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-15369",
          "url": "https://www.suse.com/security/cve/CVE-2017-15369"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1063413 for CVE-2017-15369",
          "url": "https://bugzilla.suse.com/1063413"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-15369"
    },
    {
      "cve": "CVE-2017-17858",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-17858"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-17858",
          "url": "https://www.suse.com/security/cve/CVE-2017-17858"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1077161 for CVE-2017-17858",
          "url": "https://bugzilla.suse.com/1077161"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-17858"
    },
    {
      "cve": "CVE-2017-5627",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-5627"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Artifex Software, Inc. MuJS before 4006739a28367c708dea19aeb19b8a1a9326ce08. The jsR_setproperty function in jsrun.c lacks a check for a negative array length. This leads to an integer overflow in the js_pushstring function in jsrun.c when parsing a specially crafted JS file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-5627",
          "url": "https://www.suse.com/security/cve/CVE-2017-5627"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1022503 for CVE-2017-5627",
          "url": "https://bugzilla.suse.com/1022503"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-5627"
    },
    {
      "cve": "CVE-2017-5628",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-5628"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Artifex Software, Inc. MuJS before 8f62ea10a0af68e56d5c00720523ebcba13c2e6a. The MakeDay function in jsdate.c does not validate the month, leading to an integer overflow when parsing a specially crafted JS file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-5628",
          "url": "https://www.suse.com/security/cve/CVE-2017-5628"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1022504 for CVE-2017-5628",
          "url": "https://bugzilla.suse.com/1022504"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-5628"
    },
    {
      "cve": "CVE-2017-5896",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-5896"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-5896",
          "url": "https://www.suse.com/security/cve/CVE-2017-5896"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1023761 for CVE-2017-5896",
          "url": "https://bugzilla.suse.com/1023761"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1024679 for CVE-2017-5896",
          "url": "https://bugzilla.suse.com/1024679"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1031053 for CVE-2017-5896",
          "url": "https://bugzilla.suse.com/1031053"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-5896"
    },
    {
      "cve": "CVE-2017-7976",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7976"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash) or disclosure of sensitive information from process memory.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7976",
          "url": "https://www.suse.com/security/cve/CVE-2017-7976"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1035032 for CVE-2017-7976",
          "url": "https://bugzilla.suse.com/1035032"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1052029 for CVE-2017-7976",
          "url": "https://bugzilla.suse.com/1052029"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7976"
    },
    {
      "cve": "CVE-2018-1000051",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-1000051"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-1000051",
          "url": "https://www.suse.com/security/cve/CVE-2018-1000051"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1080531 for CVE-2018-1000051",
          "url": "https://bugzilla.suse.com/1080531"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-1000051"
    },
    {
      "cve": "CVE-2018-16647",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-16647"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-16647",
          "url": "https://www.suse.com/security/cve/CVE-2018-16647"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1107595 for CVE-2018-16647",
          "url": "https://bugzilla.suse.com/1107595"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-16647"
    },
    {
      "cve": "CVE-2018-16648",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-16648"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-16648",
          "url": "https://www.suse.com/security/cve/CVE-2018-16648"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1106883 for CVE-2018-16648",
          "url": "https://bugzilla.suse.com/1106883"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1107593 for CVE-2018-16648",
          "url": "https://bugzilla.suse.com/1107593"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-16648"
    },
    {
      "cve": "CVE-2018-18662",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-18662"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-18662",
          "url": "https://www.suse.com/security/cve/CVE-2018-18662"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1113670 for CVE-2018-18662",
          "url": "https://bugzilla.suse.com/1113670"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-18662"
    },
    {
      "cve": "CVE-2018-5686",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-5686"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-5686",
          "url": "https://www.suse.com/security/cve/CVE-2018-5686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1075936 for CVE-2018-5686",
          "url": "https://bugzilla.suse.com/1075936"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-5686"
    },
    {
      "cve": "CVE-2018-6187",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-6187"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-6187",
          "url": "https://www.suse.com/security/cve/CVE-2018-6187"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1077407 for CVE-2018-6187",
          "url": "https://bugzilla.suse.com/1077407"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-6187"
    },
    {
      "cve": "CVE-2018-6192",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-6192"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-6192",
          "url": "https://www.suse.com/security/cve/CVE-2018-6192"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1077755 for CVE-2018-6192",
          "url": "https://bugzilla.suse.com/1077755"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-6192"
    },
    {
      "cve": "CVE-2018-6544",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-6544"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
          "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-6544",
          "url": "https://www.suse.com/security/cve/CVE-2018-6544"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1079100 for CVE-2018-6544",
          "url": "https://bugzilla.suse.com/1079100"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-1.18.0-1.7.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-6544"
    }
  ]
}

CNVD-2017-32250

Vulnerability from cnvd - Published: 2017-11-01

Title

Artifex MuPDF拒绝服务漏洞（CNVD-2017-32250）

Description

Artifex MuPDF是美国Artifex Software公司的一款免费的、轻量级的PDF阅读器。 Artifex MuPDF 2017-09-25之前的版本中的pdf/pdf-stream.c文件的‘build_filter_chain’函数存在安全漏洞。远程攻击者可借助特制的PDF文档利用该漏洞造成拒绝服务（Fitz fz_drop_imp释放后重用和应用程序崩溃）。

Severity

中

Patch Name

Artifex MuPDF拒绝服务漏洞（CNVD-2017-32250）的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： http://git.ghostscript.com/?p=mupdf.git;h=c2663e51238ec8256da7fc61ad580db891d9fe9a

Reference

https://nvd.nist.gov/vuln/detail/CVE-2017-15369

Impacted products

Name
Artifex Software MuPDF <2017-09-25

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-15369"
    }
  },
  "description": "Artifex MuPDF\u662f\u7f8e\u56fdArtifex Software\u516c\u53f8\u7684\u4e00\u6b3e\u514d\u8d39\u7684\u3001\u8f7b\u91cf\u7ea7\u7684PDF\u9605\u8bfb\u5668\u3002\r\n\r\nArtifex MuPDF 2017-09-25\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684pdf/pdf-stream.c\u6587\u4ef6\u7684\u2018build_filter_chain\u2019\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684PDF\u6587\u6863\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08Fitz fz_drop_imp\u91ca\u653e\u540e\u91cd\u7528\u548c\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\uff09\u3002",
  "discovererName": "Kamil Frankowicz",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://git.ghostscript.com/?p=mupdf.git;h=c2663e51238ec8256da7fc61ad580db891d9fe9a",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-32250",
  "openTime": "2017-11-01",
  "patchDescription": "Artifex MuPDF\u662f\u7f8e\u56fdArtifex Software\u516c\u53f8\u7684\u4e00\u6b3e\u514d\u8d39\u7684\u3001\u8f7b\u91cf\u7ea7\u7684PDF\u9605\u8bfb\u5668\u3002\r\n\r\nArtifex MuPDF 2017-09-25\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684pdf/pdf-stream.c\u6587\u4ef6\u7684\u2018build_filter_chain\u2019\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684PDF\u6587\u6863\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08Fitz fz_drop_imp\u91ca\u653e\u540e\u91cd\u7528\u548c\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\uff09\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Artifex MuPDF\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2017-32250\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Artifex Software  MuPDF \u003c2017-09-25"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-15369",
  "serverity": "\u4e2d",
  "submitTime": "2017-10-16",
  "title": "Artifex MuPDF\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2017-32250\uff09"
}

GHSA-Q727-Q9WC-X4MF

Vulnerability from github – Published: 2022-05-17 00:26 – Updated: 2025-04-20 03:46

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-15369"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-16T01:29:00Z",
    "severity": "HIGH"
  },
  "details": "The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document.",
  "id": "GHSA-q727-q9wc-x4mf",
  "modified": "2025-04-20T03:46:50Z",
  "published": "2022-05-17T00:26:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15369"
    },
    {
      "type": "WEB",
      "url": "https://bugs.ghostscript.com/show_bug.cgi?id=698592"
    },
    {
      "type": "WEB",
      "url": "http://git.ghostscript.com/?p=mupdf.git%3Bh=c2663e51238ec8256da7fc61ad580db891d9fe9a"
    },
    {
      "type": "WEB",
      "url": "http://git.ghostscript.com/?p=mupdf.git;h=c2663e51238ec8256da7fc61ad580db891d9fe9a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-15369

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2017-15369

Aliases

CVE-2017-15369

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-15369",
    "description": "The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document.",
    "id": "GSD-2017-15369",
    "references": [
      "https://www.suse.com/security/cve/CVE-2017-15369.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-15369"
      ],
      "details": "The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document.",
      "id": "GSD-2017-15369",
      "modified": "2023-12-13T01:20:58.741126Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2017-15369",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://git.ghostscript.com/?p=mupdf.git;h=c2663e51238ec8256da7fc61ad580db891d9fe9a",
            "refsource": "CONFIRM",
            "url": "http://git.ghostscript.com/?p=mupdf.git;h=c2663e51238ec8256da7fc61ad580db891d9fe9a"
          },
          {
            "name": "https://bugs.ghostscript.com/show_bug.cgi?id=698592",
            "refsource": "CONFIRM",
            "url": "https://bugs.ghostscript.com/show_bug.cgi?id=698592"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.11",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-15369"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.ghostscript.com/show_bug.cgi?id=698592",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://bugs.ghostscript.com/show_bug.cgi?id=698592"
            },
            {
              "name": "http://git.ghostscript.com/?p=mupdf.git;h=c2663e51238ec8256da7fc61ad580db891d9fe9a",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "http://git.ghostscript.com/?p=mupdf.git;h=c2663e51238ec8256da7fc61ad580db891d9fe9a"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-11-07T13:20Z",
      "publishedDate": "2017-10-16T01:29Z"
    }
  }
}

FKIE_CVE-2017-15369

Vulnerability from fkie_nvd - Published: 2017-10-16 01:29 - Updated: 2025-04-20 01:37

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://git.ghostscript.com/?p=mupdf.git%3Bh=c2663e51238ec8256da7fc61ad580db891d9fe9a
cve@mitre.org	https://bugs.ghostscript.com/show_bug.cgi?id=698592	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://git.ghostscript.com/?p=mupdf.git%3Bh=c2663e51238ec8256da7fc61ad580db891d9fe9a
af854a3a-2127-422b-91ae-364da2661108	https://bugs.ghostscript.com/show_bug.cgi?id=698592	Issue Tracking, Third Party Advisory

Impacted products

	Vendor	Product	Version
	artifex	mupdf	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4AEC7EC-1559-463B-9A1A-0807F3C78C38",
              "versionEndIncluding": "1.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n build_filter_chain en pdf/pdf-stream.c en Artifex MuPDF, en versiones anteriores al 2017-09-25, gestiona de manera incorrecta un caso espec\u00edfico en el que una variable podr\u00eda encontrarse en un registro, lo que permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (uso de memoria despu\u00e9s de su liberaci\u00f3n o use-after-free de Fitz fz_drop_imp y cierre inesperado de la aplicaci\u00f3n) o, probablemente, provocar otro tipo de impacto mediante un documento PDF manipulado."
    }
  ],
  "id": "CVE-2017-15369",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-16T01:29:01.060",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://git.ghostscript.com/?p=mupdf.git%3Bh=c2663e51238ec8256da7fc61ad580db891d9fe9a"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.ghostscript.com/show_bug.cgi?id=698592"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.ghostscript.com/?p=mupdf.git%3Bh=c2663e51238ec8256da7fc61ad580db891d9fe9a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.ghostscript.com/show_bug.cgi?id=698592"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-15369 (GCVE-0-2017-15369)

OPENSUSE-SU-2024:11068-1

CNVD-2017-32250

GHSA-Q727-Q9WC-X4MF

GSD-2017-15369

FKIE_CVE-2017-15369

Tags

Sightings

Nomenclature