CVE-2018-1000037 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
artifex	mupdf	𝑥 ≤ 1.12.0
debian	debian_linux	9.0

𝑥

= Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
artifex	mupdf	𝑥 ≤ 1.12.0	ADP

Debian Releases

Debian Product

Codename

mupdf

bookworm	1.21.1+ds2-1 fixed
bullseye	1.17.0+ds1-2 fixed
bullseye (security)	1.17.0+ds1-1.3~deb11u1 fixed
jessie	not-affected
sid	1.24.10+ds1-1 fixed
trixie	1.24.10+ds1-1 fixed
wheezy	not-affected

Ubuntu Releases

Ubuntu Product

Codename

mupdf

artful	ignored
bionic	needed
cosmic	not-affected
disco	not-affected
eoan	not-affected
focal	not-affected
groovy	not-affected
hirsute	not-affected
impish	not-affected
jammy	not-affected
kinetic	not-affected
lunar	not-affected
mantic	not-affected
noble	not-affected
trusty	dne
xenial	needed

Known Exploits!

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=71ceebcf56e682504da22c4035b39a2d451e8ffd%3Bhp=7f82c01523505052615492f8e220f4348ba46995

http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=8a3257b01faa899dd9b5e35c6bb3403cd709c371%3Bhp=de39f005f12a1afc6973c1f5cec362d6545f70cb

http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=b2e7d38e845c7d4922d05e6e41f3a2dc1bc1b14a%3Bhp=f51836b9732c38d945b87fda0770009a77ba680c

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5490

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5501

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5503

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5511

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5564

https://bugs.ghostscript.com/show_bug.cgi?id=698882

https://bugs.ghostscript.com/show_bug.cgi?id=698886

https://bugs.ghostscript.com/show_bug.cgi?id=698888

https://bugs.ghostscript.com/show_bug.cgi?id=698890

https://security.gentoo.org/glsa/201811-15

https://www.debian.org/security/2018/dsa-4334

http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=71ceebcf56e682504da22c4035b39a2d451e8ffd%3Bhp=7f82c01523505052615492f8e220f4348ba46995

http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=8a3257b01faa899dd9b5e35c6bb3403cd709c371%3Bhp=de39f005f12a1afc6973c1f5cec362d6545f70cb

http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=b2e7d38e845c7d4922d05e6e41f3a2dc1bc1b14a%3Bhp=f51836b9732c38d945b87fda0770009a77ba680c

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5490

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5501

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5503

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5511

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5564

https://bugs.ghostscript.com/show_bug.cgi?id=698882

https://bugs.ghostscript.com/show_bug.cgi?id=698886

https://bugs.ghostscript.com/show_bug.cgi?id=698888

https://bugs.ghostscript.com/show_bug.cgi?id=698890

https://security.gentoo.org/glsa/201811-15

https://www.debian.org/security/2018/dsa-4334