Vulnerability Details CVE-2018-6544
pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.2%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- http://git.ghostscript.com/?p=mupdf.git%3Bh=26527eef77b3e51c2258c8e40845bfbc015e405d
- http://git.ghostscript.com/?p=mupdf.git%3Bh=b03def134988da8c800adac1a38a41a1f09a1d89
- https://bugs.ghostscript.com/show_bug.cgi?id=698830
- https://bugs.ghostscript.com/show_bug.cgi?id=698965
- https://security.gentoo.org/glsa/201811-15
- https://www.debian.org/security/2018/dsa-4152
- http://git.ghostscript.com/?p=mupdf.git%3Bh=26527eef77b3e51c2258c8e40845bfbc015e405d
- http://git.ghostscript.com/?p=mupdf.git%3Bh=b03def134988da8c800adac1a38a41a1f09a1d89
- https://bugs.ghostscript.com/show_bug.cgi?id=698830
- https://bugs.ghostscript.com/show_bug.cgi?id=698965
- https://security.gentoo.org/glsa/201811-15
- https://www.debian.org/security/2018/dsa-4152
Products affected by CVE-2018-6544
-
cpe:2.3:a:artifex:mupdf:1.12.0
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:debian:debian_linux:9.0