ID
VAR-E-201101-0027
TITLE
MuPDF 'closedctd()' PDF File Handling Remote Code Execution Vulnerability
Trust: 0.3
DESCRIPTION
MuPDF is prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users.
MuPDF 0.7 is vulnerable; other versions may also be affected.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | sumatra | model: | pdf sumatra pdf | scope: | eq | version: | 0.9.3 | Trust: 0.3 |
| vendor: | sumatra | model: | pdf sumatra pdf | scope: | eq | version: | 1.2 | Trust: 0.3 |
| vendor: | sumatra | model: | pdf sumatra pdf | scope: | eq | version: | 1.1 | Trust: 0.3 |
| vendor: | mupdf | model: | mupdf | scope: | eq | version: | 0.7 | Trust: 0.3 |
| vendor: | mupdf | model: | mupdf | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | sumatra | model: | pdf sumatra pdf | scope: | ne | version: | 1.3 | Trust: 0.3 |
EXPLOIT
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
The reporter of this issue has developed a proof of concept demonstrating this issue.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Boundary Condition Error
Trust: 0.3
CREDITS
Shinnai
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 46027 | Trust: 0.3 |
REFERENCES
| url: | http://blog.kowalczyk.info/software/sumatrapdf/index.html | Trust: 0.3 |
| url: | http://ccxvii.net/fitz/ | Trust: 0.3 |
| url: | http://code.google.com/p/sumatrapdf/issues/detail?id=1180 | Trust: 0.3 |
SOURCES
| db: | BID | id: | 46027 |
LAST UPDATE DATE
2022-07-27T09:22:23.979000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 46027 | date: | 2011-01-26T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 46027 | date: | 2011-01-26T00:00:00 |