ID

VAR-201609-0097


CVE

CVE-2016-6525


TITLE

Heap-based buffer overflow vulnerability in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF

Trust: 0.8

sources: JVNDB: JVNDB-2016-004846

DESCRIPTION

Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array.

MuPDF is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, resulting in denial-of-service conditions. Due to the nature of this issue, code execution may be possible but this has not been confirmed.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201702-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: MuPDF: Multiple vulnerabilities
     Date: February 19, 2017
     Bugs: #589826, #590480, #608702, #608712
       ID: 201702-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in MuPDF, the worst of which allows remote attackers to execute arbitrary code.

Background
==========

A lightweight PDF, XPS, and E-book viewer.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-text/mupdf             < 1.10a-r1                 >= 1.10a-r1

Description
===========

Multiple vulnerabilities have been discovered in MuPDF. Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could entice a user to open a specially crafted PDF document using MuPDF possibly resulting in the execution of arbitrary code, with the privileges of the process, or a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MuPDF users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-text/mupdf-1.10a-r1"

References
==========

[ 1 ] CVE-2016-6265
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6265
[ 2 ] CVE-2016-6525
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6525
[ 3 ] CVE-2017-5896
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5896

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/201702-12

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Trust: 1.98

sources: NVD: CVE-2016-6525 // JVNDB: JVNDB-2016-004846 // BID: 92266 // PACKETSTORM: 141172

AFFECTED PRODUCTS

vendor: debian | model: linux | scope: eq | version: 8.0

Trust: 1.6

vendor: artifex | model: mupdf | scope: lte | version: 1.9

Trust: 1.0

vendor: artifex | model: mupdf | scope: - | version: -

Trust: 0.8

vendor: debian | model: gnu/linux | scope: eq | version: 8.0

Trust: 0.8

vendor: mupdf | model: mupdf | scope: eq | version: 1.9

Trust: 0.3

vendor: gentoo | model: linux | scope: - | version: -

Trust: 0.3

sources: BID: 92266 // JVNDB: JVNDB-2016-004846 // CNNVD: CNNVD-201608-239 // NVD: CVE-2016-6525

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-6525
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-6525
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201608-239
value: HIGH

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2016-6525
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CVSSV3

nvd@nist.gov: CVE-2016-6525
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2016-004846 // CNNVD: CNNVD-201608-239 // NVD: CVE-2016-6525

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2016-004846 // NVD: CVE-2016-6525

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 141172 // CNNVD: CNNVD-201608-239

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201608-239

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004846

PATCH

title: Bug 696954 | url: http://bugs.ghostscript.com/show_bug.cgi?id=696954

Trust: 0.8

title: DSA-3655 | url: https://www.debian.org/security/2016/dsa-3655

Trust: 0.8

title: Make sure that number of colors in mesh params is valid. | url: http://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e

Trust: 0.8

title: Artifex MuPDF Remediation measures for denial of service vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63625

Trust: 0.6

sources: JVNDB: JVNDB-2016-004846 // CNNVD: CNNVD-201608-239

EXTERNAL IDS

db: NVD | id: CVE-2016-6525

Trust: 2.8

db: BID | id: 92266

Trust: 1.9

db: OPENWALL | id: OSS-SECURITY/2016/08/03/8

Trust: 1.6

db: JVNDB | id: JVNDB-2016-004846

Trust: 0.8

db: CNNVD | id: CNNVD-201608-239

Trust: 0.6

db: PACKETSTORM | id: 141172

Trust: 0.1

sources: BID: 92266 // JVNDB: JVNDB-2016-004846 // PACKETSTORM: 141172 // CNNVD: CNNVD-201608-239 // NVD: CVE-2016-6525

REFERENCES

url:http://bugs.ghostscript.com/show_bug.cgi?id=696954

Trust: 1.9

url:http://www.openwall.com/lists/oss-security/2016/08/03/8

Trust: 1.6

url:http://www.debian.org/security/2016/dsa-3655

Trust: 1.6

url:http://www.securityfocus.com/bid/92266

Trust: 1.6

url:https://security.gentoo.org/glsa/201702-12

Trust: 1.1

url:http://git.ghostscript.com/?p=mupdf.git%3bh=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e

Trust: 1.0

url:http://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6525

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6525

Trust: 0.8

url:http://www.mupdf.com/

Trust: 0.3

url:http://seclists.org/oss-sec/2016/q3/241

Trust: 0.3

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6525

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6265

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-6525

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-5896

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-6265

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5896

Trust: 0.1

sources: BID: 92266 // JVNDB: JVNDB-2016-004846 // PACKETSTORM: 141172 // CNNVD: CNNVD-201608-239 // NVD: CVE-2016-6525

CREDITS

redrain root.

Trust: 0.9

sources: BID: 92266 // CNNVD: CNNVD-201608-239

SOURCES

db: BID | id: 92266
db: JVNDB | id: JVNDB-2016-004846
db: PACKETSTORM | id: 141172
db: CNNVD | id: CNNVD-201608-239
db: NVD | id: CVE-2016-6525

LAST UPDATE DATE

2024-11-23T21:54:28.110000+00:00


SOURCES UPDATE DATE

db: BID | id: 92266 | date: 2017-03-07T02:05:00
db: JVNDB | id: JVNDB-2016-004846 | date: 2016-09-27T00:00:00
db: CNNVD | id: CNNVD-201608-239 | date: 2016-09-23T00:00:00
db: NVD | id: CVE-2016-6525 | date: 2024-11-21T02:56:17.617

SOURCES RELEASE DATE

db: BID | id: 92266 | date: 2016-08-02T00:00:00
db: JVNDB | id: JVNDB-2016-004846 | date: 2016-09-27T00:00:00
db: PACKETSTORM | id: 141172 | date: 2017-02-20T22:47:02
db: CNNVD | id: CNNVD-201608-239 | date: 2016-08-11T00:00:00
db: NVD | id: CVE-2016-6525 | date: 2016-09-22T15:59:04.977