Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2014-2013
Last Modified: 29 Jul 2015 12:20:16
Published: 03 Mar 2014 11:55:04
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2014-2013

Summary

Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element.

Vulnerable Systems

Application

  • Artifex Mupdf 1.0

  • Artifex Mupdf 1.1

  • Artifex Mupdf 1.2

  • Artifex Mupdf 1.3


References

MISC - http://www.hdwsec.fr/blog/mupdf.html

MLIST - [oss-security] 20140218 Re: CVE request: MuPDF Stack-based Buffer Overflow in xps_parse_color()

FULLDISC - 20140120 0day - MuPDF Stack-based Buffer Overflow in xps_parse_color()

SUSE - openSUSE-SU-2014:0309

CONFIRM - http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=60dabde18d7fe12b19da8b509bdfee9cc886aafc

CONFIRM - http://bugs.ghostscript.com/show_bug.cgi?id=694957

SECUNIA - 58904

BID - 65036

OSVDB - 102340

EXPLOIT-DB - 31090


Last Updated: 27 May 2016 11:08:47