QwikSec

Security Database

CVE

CWE

Training

CVE-2019-13290

Published: Jul 4, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file. This occurs with a large BDC property name that overflows the allocated size of a display list node.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugs.ghostscript.com/show_bug.cgi?id=701118

x_refsource_MISC

http://git.ghostscript.com/?p=mupdf.git%3Bh=aaf794439e40a2ef544f15b50c20e657414dec7a

x_refsource_MISC

http://git.ghostscript.com/?p=mupdf.git%3Bh=ed19bc806809ad10c4ddce515d375581b86ede85

x_refsource_MISC

https://archive.today/oi6bm

x_refsource_MISC

FEDORA-2019-10f02ad597

vendor-advisory

x_refsource_FEDORA

[debian-lts-announce] 20200725 [SECURITY] [DLA 2289-1] mupdf security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.