Vulnerability Description
The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Artifex | MuPDF | <= 1.11 |
Related Weaknesses (CWE)
References
- http://git.ghostscript.com/?p=mupdf.git%3Bh=c2663e51238ec8256da7fc61ad580db891d9
- https://bugs.ghostscript.com/show_bug.cgi?id=698592 (Issue Tracking, Third Party Advisory)
FAQ
What is CVE-2017-15369?
CVE-2017-15369 is a vulnerability with a CVSS score of 7.8 (HIGH). The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a den...
How severe is CVE-2017-15369?
CVE-2017-15369 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-15369?
Check the references section above for vendor advisories and patch information. Affected products include: Artifex MuPDF.