VDB-99235 · CVE-2016-10221 · Qualys 170568

Artifex MuPDF 1.10a pdf-layer.c count_entries PDF Document memory corruption

A vulnerability classified as problematic was found in Artifex MuPDF 1.10a. Affected by this vulnerability is the function count_entries of the file pdf-layer.c. The manipulation as part of PDF Document leads to memory corruption. The CWE definition for the vulnerability is CWE-119. The bug was discovered 12/01/2016. The weakness was published 04/03/2017 as FEDORA-2017-2d11503623 (Website). It is possible to read the advisory at bugs.ghostscript.com. This vulnerability is known as CVE-2016-10221. The attack needs to be approached locally. Technical details are available. There is no exploit available. The pricing for an exploit might be around USD $0-$5k at the moment. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 123 days. We expect the 0-day to have been worth approximately $0-$5k. The vulnerability scanner Nessus provides a plugin with the ID 99406 (Fedora 25 : mupdf (2017-2d11503623)), which helps to determine the existence of the flaw in a target environment. The commercial vulnerability scanner Qualys is able to test this issue with plugin 170568 (OpenSUSE Security Update for mupdf (openSUSE-SU-2017:3064-1)). It is recommended to upgrade the affected component. A possible mitigation has been published 2 weeks after the disclosure of the vulnerability. The vulnerability is also documented other vulnerability databases: Tenable (99406).

Field04/03/2017 04:55 PM08/25/2020 11:12 AM11/24/2022 05:19 PM
typeDocument Reader SoftwareDocument Reader SoftwareDocument Reader Software
vendorArtifexArtifexArtifex
nameMuPDFMuPDFMuPDF
version1.10a1.10a1.10a
filepdf-layer.cpdf-layer.cpdf-layer.c
functioncount_entriescount_entriescount_entries
input_typePDF DocumentPDF DocumentPDF Document
cwe119 (memory corruption)119 (memory corruption)119 (memory corruption)
risk111
cvss2_vuldb_basescore4.34.34.3
cvss2_vuldb_tempscore3.73.73.7
cvss2_vuldb_avNNN
cvss2_vuldb_acMMM
cvss2_vuldb_auNNN
cvss2_vuldb_ciNNN
cvss2_vuldb_iiNNN
cvss2_vuldb_aiPPP
cvss2_nvd_avNNN
cvss2_nvd_acMMM
cvss2_nvd_auNNN
cvss2_nvd_ciNNN
cvss2_nvd_iiNNN
cvss2_nvd_aiPPP
cvss3_meta_basescore4.44.44.4
cvss3_meta_tempscore4.24.24.3
cvss3_vuldb_basescore3.33.33.3
cvss3_vuldb_tempscore3.23.23.2
cvss3_vuldb_avLLL
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iNNN
cvss3_vuldb_aLLL
cvss3_nvd_avLLL
cvss3_nvd_acLLL
cvss3_nvd_prNNN
cvss3_nvd_uiRRR
cvss3_nvd_sUUU
cvss3_nvd_cNNN
cvss3_nvd_iNNN
cvss3_nvd_aHHH
date1491177600 (04/03/2017)1491177600 (04/03/2017)1491177600 (04/03/2017)
urlhttps://bugs.ghostscript.com/show_bug.cgi?id=697400https://bugs.ghostscript.com/show_bug.cgi?id=697400https://bugs.ghostscript.com/show_bug.cgi?id=697400
price_0day$0-$5k$0-$5k$0-$5k
cveCVE-2016-10221CVE-2016-10221CVE-2016-10221
cve_assigned1486598400 (02/09/2017)1486598400 (02/09/2017)1486598400 (02/09/2017)
cve_nvd_published149117760014911776001491177600
cve_nvd_summaryThe count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted PDF document.The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted PDF document.The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted PDF document.
nessus_id994069940699406
nessus_nameFedora 25 : mupdf (2017-2d11503623)Fedora 25 : mupdf (2017-2d11503623)Fedora 25 : mupdf (2017-2d11503623)
nessus_filenamefedora_2017-2d11503623.naslfedora_2017-2d11503623.naslfedora_2017-2d11503623.nasl
nessus_riskMediumMediumMedium
nessus_familyFedora Local Security ChecksFedora Local Security ChecksFedora Local Security Checks
nessus_typelocallocallocal
nessus_date1492387200 (04/17/2017)1492387200 (04/17/2017)1492387200 (04/17/2017)
openvas_id867773867773867773
openvas_filenamegb_fedora_2017_2d11503623_mupdf_fc25.naslgb_fedora_2017_2d11503623_mupdf_fc25.naslgb_fedora_2017_2d11503623_mupdf_fc25.nasl
openvas_titleFedora Update for mupdf FEDORA-2017-2d11503623Fedora Update for mupdf FEDORA-2017-2d11503623Fedora Update for mupdf FEDORA-2017-2d11503623
openvas_familyFedora Local Security ChecksFedora Local Security ChecksFedora Local Security Checks
qualys_id170568170568170568
qualys_titleOpenSUSE Security Update for mupdf (openSUSE-SU-2017:3064-1)OpenSUSE Security Update for mupdf (openSUSE-SU-2017:3064-1)OpenSUSE Security Update for mupdf (openSUSE-SU-2017:3064-1)
seealso117000117000117000
locationWebsiteWebsiteWebsite
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss3_vuldb_rlOOO
cvss3_vuldb_rcXXX
reaction_days131313
0day_days123123123
exposure_days131313
cvss3_nvd_basescore5.55.55.5
discoverydate14805504001480550400
nameUpgradeUpgrade
date1492300800 (04/16/2017)1492300800 (04/16/2017)
osvdb_titleCVE-2016-10221 - MuPDF - Buffer Overflow IssueCVE-2016-10221 - MuPDF - Buffer Overflow Issue
identifierFEDORA-2017-2d11503623
cvss2_nvd_basescore4.3

Do you know our Splunk app?

Download it now for free!