Artifex MuPDF up to 1.20.0-rc1 pdf-op-run.c pdf_run_xobject null pointer dereference
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.1 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as problematic, has been found in Artifex MuPDF. This vulnerability affects the function pdf_run_xobject of the file pdf-op-run.c. This manipulation causes null pointer dereference.
The identification of this vulnerability is CVE-2017-5991. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
It is advisable to upgrade the affected component.
Details
A vulnerability has been found in Artifex MuPDF (Document Reader Software) and classified as problematic. Affected by this vulnerability is the function pdf_run_xobject of the file pdf-op-run.c. The manipulation with an unknown input leads to a null pointer dereference vulnerability. The CWE definition for the vulnerability is CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. As an impact it is known to affect availability. The summary by CVE is:
An issue was discovered in Artifex Software, Inc. MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation.
The bug was discovered 02/15/2017. The weakness was shared 02/15/2017 as confirmed git commit (GIT Repository). It is possible to read the advisory at git.ghostscript.com. This vulnerability is known as CVE-2017-5991 since 02/15/2017. The exploitation appears to be easy. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Technical details and also a public exploit are known.
It is possible to download the exploit at exploit-db.com. It is declared as proof-of-concept. The vulnerability scanner Nessus provides a plugin with the ID 97442 (Debian DSA-3797-1 : mupdf - security update), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Debian Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 175975 (Debian Security Update for mupdf (DSA 3797-1)).
Upgrading to version 1912de5f08e90af1d9d0a9791f58ba3afdb9d465 eliminates this vulnerability. The upgrade is hosted for download at git.ghostscript.com. Applying a patch is able to eliminate this problem. The bugfix is ready for download at git.ghostscript.com. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published 2 weeks after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Exploit-DB (42138), Tenable (97442) and SecurityFocus (BID 96213†). The entry VDB-96994 is related to this item. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://artifex.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.4VulDB Meta Temp Score: 6.1
VulDB Base Score: 5.3
VulDB Temp Score: 4.8
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 7.5
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Null pointer dereferenceCWE: CWE-476 / CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 97442
Nessus Name: Debian DSA-3797-1 : mupdf - security update
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 703797
OpenVAS Name: Debian Security Advisory DSA 3797-1 (mupdf - security update)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: MuPDF 1912de5f08e90af1d9d0a9791f58ba3afdb9d465
Patch: git.ghostscript.com
Timeline
02/15/2017 🔍02/15/2017 🔍
02/15/2017 🔍
02/15/2017 🔍
02/15/2017 🔍
02/15/2017 🔍
02/28/2017 🔍
03/01/2017 🔍
11/30/2024 🔍
Sources
Vendor: artifex.comAdvisory: git.ghostscript.com
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2017-5991 (🔍)
GCVE (CVE): GCVE-0-2017-5991
GCVE (VulDB): GCVE-100-96979
OVAL: 🔍
SecurityFocus: 96213 - Artifex MuPDF CVE-2017-5991 Null Pointer Dereference Denial of Service Vulnerability
OSVDB: - CVE-2017-5991 - Artifex Software - MuPDF - Denial of Service Issue
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 02/15/2017 13:56Updated: 11/30/2024 16:26
Changes: 02/15/2017 13:56 (81), 08/14/2020 20:11 (9), 11/30/2024 16:26 (17)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.