CVE-2017-6060

HIGH

Artifex Mupdf - Out-of-Bounds Write

Title source: rule

Description

Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Agostino Sarubbo · textdoslinux

https://www.exploit-db.com/exploits/42139

View Code ZIP pw:eip

References (8)

[Exploit, Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2017/02/18/1

[Broken Link] http://www.securityfocus.com/bid/96266

[Exploit, Issue Tracking, Third Party Advisory, VDB Entry] https://blogs.gentoo.org/ago/2017/02/17/mupdf-mujstest-stack-based-buffer-overflow-in-main-jstest_main-c/

[Exploit, Third Party Advisory] https://bugs.ghostscript.com/show_bug.cgi?id=697551

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2021/09/msg00013.html

[Third Party Advisory] https://security.gentoo.org/glsa/201706-08

[Patch] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=06a012a42c9884e3cd653e7826cff1ddec04eb6e

[Patch] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=e089b2e2c1d38c5696c7dfd741e21f8f3ef22b14

Scores

CVSS v3 7.8

EPSS 0.0292

EPSS Percentile 86.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-787

Status draft

Affected Products (2)

artifex/mupdf

debian/debian_linux

Timeline

Published Mar 15, 2017

Tracked Since Feb 18, 2026