CVE-2017-5991

HIGH

Artifex Mupdf < 1.11 - NULL Pointer Dereference

Title source: rule

Description

An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kamil Frankowicz · textdoslinux

https://www.exploit-db.com/exploits/42138

View Code ZIP pw:eip

References (6)

[Patch] http://git.ghostscript.com/?p=mupdf.git%3Bh=1912de5f08e90af1d9d0a9791f58ba3afdb9d465

[Third Party Advisory] http://www.debian.org/security/2017/dsa-3797

[Broken Link] http://www.securityfocus.com/bid/96213

[Exploit, Third Party Advisory] https://bugs.ghostscript.com/show_bug.cgi?id=697500

[Third Party Advisory] https://security.gentoo.org/glsa/201706-08

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/42138/

Scores

CVSS v3 7.5

EPSS 0.1757

EPSS Percentile 95.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-476

Status draft

Affected Products (3)

artifex/mupdf < 1.11

debian/debian_linux

debian/debian_linux

Timeline

Published Feb 15, 2017

Tracked Since Feb 18, 2026