Vulnerability Description
An exploitable heap out-of-bounds write vulnerability exists in the Fitz graphical library, part of the MuPDF renderer. A specially crafted PDF file can cause an out-of-bounds write, corrupting heap metadata and sensitive process memory and potentially leading to code execution. The victim needs to open the specially crafted file in a vulnerable reader to trigger this vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Artifex | Mupdf | 1.10 |
Related Weaknesses (CWE)
References
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0242 (Third Party Advisory)
- http://www.ghostscript.com/cgi-bin/findgit.cgi?0c86abf954ca4a5f00c26f6600acac93f
- https://bugs.ghostscript.com/show_bug.cgi?id=697395
FAQ
What is CVE-2016-8728?
CVE-2016-8728 is a vulnerability with a CVSS score of 7.8 (HIGH). An exploitable heap out-of-bounds write vulnerability exists in the Fitz graphical library, part of the MuPDF renderer. A specially crafted PDF file can cause an out-of-bounds write resulting in heap me...
How severe is CVE-2016-8728?
CVE-2016-8728 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-8728?
Check the references section above for vendor advisories and patch information. Affected products include: Artifex Mupdf.