Vulnerability Details CVE-2019-7321
Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.026
EPSS Ranking 84.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://bugs.ghostscript.com/show_bug.cgi?id=700560
- https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=2be83b57e77938fddbb06bdffb11979ad89a9c7d
- https://github.com/ereisr00/bagofbugz/tree/master/MuPDF/700560
- https://bugs.ghostscript.com/show_bug.cgi?id=700560
- https://github.com/ereisr00/bagofbugz/tree/master/MuPDF/700560