Vulnerability Description
Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Artifex | MuPDF | 1.14.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106558 (Third Party Advisory, VDB Entry)
- https://bugs.ghostscript.com/show_bug.cgi?id=700446 (Exploit, Third Party Advisory)
- https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=faf47b94e2431
- https://lists.debian.org/debian-lts-announce/2019/06/msg00027.html
- https://lists.debian.org/debian-lts-announce/2020/07/msg00019.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2019-6130?
CVE-2019-6130 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg...
How severe is CVE-2019-6130?
CVE-2019-6130 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-6130?
Check the references section above for vendor advisories and patch information. Affected products include: Artifex MuPDF.