Sign-up

ID

VAR-202001-0062


CVE

CVE-2012-5340


TITLE

SumatraPDF  and  MuPDF  Vulnerable to integer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2012-006573

DESCRIPTION

SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file. SumatraPDF and MuPDF Contains an integer overflow vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Sumatra PDF and MuPDF are prone to an integer-overflow vulnerability because they fail to properly validate user-supplied input. An attacker can exploit this issue to execute arbitrary malicious code in the context of the affected application. Failed exploit attempts will likely crash the application. The following versions are vulnerable: MuPDF 1.0 MuPDF for iOS 1.1 Sumatra 2.1.1. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: MuPDF "pdf_repair_obj_stm()" Signedness Vulnerability SECUNIA ADVISORY ID: SA51544 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51544/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51544 RELEASE DATE: 2012-12-12 DISCUSS ADVISORY: http://secunia.com/advisories/51544/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51544/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51544 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in MuPDF, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a signedness error in the "pdf_repair_obj_stm()" function (pdf/pdf_repair.c) when processing a stream and can be exploited to corrupt memory via a specially crafted length number. Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious PDF document. The vulnerability is confirmed in version 1.0. Prior versions may also be affected. SOLUTION: Update to version 1.1. PROVIDED AND/OR DISCOVERED BY: beford ORIGINAL ADVISORY: beford: http://www.exploit-db.com/exploits/23246/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2012-5340 // JVNDB: JVNDB-2012-006573 // BID: 56875 // PACKETSTORM: 118778 // PACKETSTORM: 118777

AFFECTED PRODUCTS

vendor:artifexmodel:mupdfscope:eqversion:1.0

Trust: 1.8

vendor:sumatrapdfreadermodel:sumatrapdfscope:eqversion:2.1.1

Trust: 1.0

vendor:artifexmodel:mupdfscope:eqversion:1.1

Trust: 1.0

vendor:krzysztof kowalczykmodel:sumatrapdfscope:eqversion:2.1.1

Trust: 0.8

vendor:sumatramodel:pdf sumatra pdfscope:eqversion:2.1.1

Trust: 0.3

vendor:mupdfmodel:for iosscope:eqversion:1.1

Trust: 0.3

vendor:mupdfmodel:mupdfscope:eqversion:1.0

Trust: 0.3

vendor:mupdfmodel:mupdfscope:neversion:1.1

Trust: 0.3

sources: BID: 56875 // JVNDB: JVNDB-2012-006573 // NVD: CVE-2012-5340

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-5340
value: HIGH

Trust: 1.0

NVD: CVE-2012-5340
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2012-5340
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2012-5340
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2012-5340
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2012-006573 // NVD: CVE-2012-5340

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.0

problemtype:Integer overflow or wraparound (CWE-190) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2012-006573 // NVD: CVE-2012-5340

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201212-132

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201212-132

PATCH

title:Artifex Software Krzysztof KowalczykSumatra PDFurl:https://artifex.com/products-mupdf-overview/

Trust: 0.8

title:Sumatra PDF/MuPDF lex_number() Fixes for function integer overflow vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108035

Trust: 0.6

sources: JVNDB: JVNDB-2012-006573 // CNNVD: CNNVD-201212-132

EXTERNAL IDS

db:NVDid:CVE-2012-5340

Trust: 2.7

db:EXPLOIT-DBid:23246

Trust: 2.6

db:JVNDBid:JVNDB-2012-006573

Trust: 0.8

db:CNNVDid:CNNVD-201212-132

Trust: 0.6

db:BIDid:56875

Trust: 0.3

db:SECUNIAid:51544

Trust: 0.2

db:SECUNIAid:51511

Trust: 0.2

db:PACKETSTORMid:118778

Trust: 0.1

db:PACKETSTORMid:118777

Trust: 0.1

sources: BID: 56875 // JVNDB: JVNDB-2012-006573 // PACKETSTORM: 118778 // PACKETSTORM: 118777 // CNNVD: CNNVD-201212-132 // NVD: CVE-2012-5340

REFERENCES

url:http://www.exploit-db.com/exploits/23246

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2012-5340

Trust: 1.4

url:https://bugs.ghostscript.com/show_bug.cgi?id=693371

Trust: 1.0

url:https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=f919270b6a732ff45c3ba2d0c105e2b39e9c9bc9

Trust: 1.0

url:http://blog.kowalczyk.info/software/sumatrapdf/prerelease.html

Trust: 0.3

url:https://www.mupdf.com/

Trust: 0.3

url:http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=f919270b6a732ff45c3ba2d0c105e2b39e9c9bc9

Trust: 0.3

url:http://blog.kowalczyk.info/software/sumatrapdf/free-pdf-reader.html

Trust: 0.3

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.2

url:http://www.exploit-db.com/exploits/23246/

Trust: 0.2

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.2

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.2

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.2

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.2

url:http://secunia.com/blog/325/

Trust: 0.2

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.2

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=51544

Trust: 0.1

url:http://secunia.com/advisories/51544/#comments

Trust: 0.1

url:http://secunia.com/advisories/51544/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=51511

Trust: 0.1

url:http://secunia.com/advisories/51511/

Trust: 0.1

url:http://secunia.com/advisories/51511/#comments

Trust: 0.1

sources: BID: 56875 // JVNDB: JVNDB-2012-006573 // PACKETSTORM: 118778 // PACKETSTORM: 118777 // CNNVD: CNNVD-201212-132 // NVD: CVE-2012-5340

CREDITS

beford

Trust: 0.9

sources: BID: 56875 // CNNVD: CNNVD-201212-132

SOURCES

db:BIDid:56875
db:JVNDBid:JVNDB-2012-006573
db:PACKETSTORMid:118778
db:PACKETSTORMid:118777
db:CNNVDid:CNNVD-201212-132
db:NVDid:CVE-2012-5340

LAST UPDATE DATE

2024-09-13T23:17:49.693000+00:00


SOURCES UPDATE DATE

db:BIDid:56875date:2012-12-09T00:00:00
db:JVNDBid:JVNDB-2012-006573date:2020-02-10T00:00:00
db:CNNVDid:CNNVD-201212-132date:2020-05-26T00:00:00
db:NVDid:CVE-2012-5340date:2024-09-12T18:15:05.503

SOURCES RELEASE DATE

db:BIDid:56875date:2012-12-09T00:00:00
db:JVNDBid:JVNDB-2012-006573date:2020-02-10T00:00:00
db:PACKETSTORMid:118778date:2012-12-12T10:00:36
db:PACKETSTORMid:118777date:2012-12-12T10:00:33
db:CNNVDid:CNNVD-201212-132date:2012-12-12T00:00:00
db:NVDid:CVE-2012-5340date:2020-01-23T22:15:09.683