Vulnerability Description
pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Artifex | Mupdf | < 1.12.0 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- http://www.ghostscript.com/cgi-bin/findgit.cgi?520cc26d18c9ee245b56e9e91f9d4fcaePatchThird Party Advisory
- https://bugs.ghostscript.com/show_bug.cgi?id=698699Permissions RequiredThird Party Advisory
- https://www.debian.org/security/2018/dsa-4334Third Party Advisory
- http://www.ghostscript.com/cgi-bin/findgit.cgi?520cc26d18c9ee245b56e9e91f9d4fcaePatchThird Party Advisory
- https://bugs.ghostscript.com/show_bug.cgi?id=698699Permissions RequiredThird Party Advisory
- https://www.debian.org/security/2018/dsa-4334Third Party Advisory
FAQ
What is CVE-2017-17866?
CVE-2017-17866 is a vulnerability with a CVSS score of 7.8 (HIGH). pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (bu...
How severe is CVE-2017-17866?
CVE-2017-17866 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-17866?
Check the references section above for vendor advisories and patch information. Affected products include: Artifex Mupdf, Debian Debian Linux.