CVE-2014-2013

MuPDF < 1.3 - Remote Code Execution via XPS ContextColor Path Attribute

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-2013. PoCs published by Jean-Jamil Khalife.

AI-analyzed exploit summary This is a detailed technical analysis of CVE-2014-2013, a stack-based buffer overflow in MuPDF's xps_parse_color() function. It includes root cause analysis, assembly code snippets, and exploitation techniques.

Description

Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Jean-Jamil Khalife · textlocalwindows

https://www.exploit-db.com/exploits/31090

View Code ZIP pw:eip

This is a detailed technical analysis of CVE-2014-2013, a stack-based buffer overflow in MuPDF's xps_parse_color() function. It includes root cause analysis, assembly code snippets, and exploitation techniques.

Classification

Writeup 100%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: MuPDF <= 1.3

No auth needed

Prerequisites: User interaction to open a malicious XPS document

MITRE ATT&CK