CVE-2020-19609

MEDIUM

Artifex MuPDF < 1.18.0 - Heap-Based Buffer Overflow in TIFF Colormap Expansion

Title source: llm

Description

Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service.

References (4)

Core 4

Core References

Issue Tracking, Patch, Vendor Advisory x_refsource_misc

https://bugs.ghostscript.com/show_bug.cgi?id=701176

Patch x_refsource_misc

http://git.ghostscript.com/?p=mupdf.git%3Bh=b7892cdc7fae62aa57d63ae62144e1f11b5f9275

Exploit, Issue Tracking, Vendor Advisory x_refsource_misc

https://bugs.ghostscript.com/show_bug.cgi?id=703076

Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2021/09/msg00013.html

Scores

CVSS v3 5.5

EPSS 0.0031

EPSS Percentile 54.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-787

Status published

Products (2)

artifex/mupdf < 1.18.0

debian/debian_linux 9.0

Published Jul 21, 2021

Tracked Since Feb 18, 2026