Buffer overflow in Artifex Mupdf

CVE-2014-2013

Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a P…

Vulnerability class: Buffer Overflow

EPSS: 0.345 (97.1th percentile) — read the EPSS interpretation.

Affected products

Artifex Mupdf — versions 1.0, 1.1, 1.2
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

[oss-security] 20140218 Re: CVE request: MuPDF Stack-based Buffer Overflow in xps_parse_color() (mailing-list, x_refsource_MLIST)
openSUSE-SU-2014:0309 (vendor-advisory, x_refsource_SUSE)
cve@mitre.org (x_refsource_CONFIRM)
102340 (x_refsource_OSVDB, vdb-entry)
cve@mitre.org (Exploit, x_refsource_MISC)
DSA-2951 (vendor-advisory, x_refsource_DEBIAN)
cve@mitre.org (x_refsource_CONFIRM, Exploit)
20140120 0day - MuPDF Stack-based Buffer Overflow in xps_parse_color() (mailing-list, x_refsource_FULLDISC)
58904 (x_refsource_SECUNIA, third-party-advisory)
65036 (vdb-entry, x_refsource_BID)