Description
Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Jean-Jamil Khalife · textlocalwindows
https://www.exploit-db.com/exploits/31090
References (11)
Core 11
Core References
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2014/q1/375
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-02/msg00088.html
Patch x_refsource_confirm
http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=60dabde18d7fe12b19da8b509bdfee9cc886aafc
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/102340
Exploit x_refsource_misc
http://www.hdwsec.fr/blog/mupdf.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-2951
Exploit x_refsource_confirm
http://bugs.ghostscript.com/show_bug.cgi?id=694957
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Jan/130
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/58904
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/65036
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/31090
Scores
EPSS
0.3447
EPSS Percentile
97.0%
Details
CWE
CWE-119
Status
published
Products (4)
artifex/mupdf
1.0
artifex/mupdf
1.1
artifex/mupdf
1.2
artifex/mupdf
< 1.3
Published
Mar 03, 2014
Tracked Since
Feb 18, 2026