CVE-2018-1000037 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.5 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
mitre	CNA	---				---
CISA-ADP	ADP	5.5 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 53%

Vendor	Product	Version
artifex	mupdf	𝑥 ≤ 1.12.0
debian	debian_linux	9.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

mupdf

bullseye	1.17.0+ds1-2 fixed
jessie	not-affected
wheezy	not-affected
bullseye (security)	1.17.0+ds1-1.3~deb11u1 fixed
bookworm	1.21.1+ds2-1 fixed
sid	1.24.10+ds1-1 fixed
trixie	1.24.10+ds1-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

mupdf

noble	not-affected
mantic	not-affected
lunar	not-affected
kinetic	not-affected
jammy	not-affected
impish	not-affected
hirsute	not-affected
groovy	not-affected
focal	not-affected
eoan	not-affected
disco	not-affected
cosmic	not-affected
bionic	needed
artful	ignored
xenial	needed
trusty	dne

Known Exploits!

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=71ceebcf56e682504da22c4035b39a2d451e8ffd%3Bhp=7f82c01523505052615492f8e220f4348ba46995

http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=8a3257b01faa899dd9b5e35c6bb3403cd709c371%3Bhp=de39f005f12a1afc6973c1f5cec362d6545f70cb

http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=b2e7d38e845c7d4922d05e6e41f3a2dc1bc1b14a%3Bhp=f51836b9732c38d945b87fda0770009a77ba680c

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5490

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5501

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5503

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5511

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5564

https://bugs.ghostscript.com/show_bug.cgi?id=698882

https://bugs.ghostscript.com/show_bug.cgi?id=698886

https://bugs.ghostscript.com/show_bug.cgi?id=698888

https://bugs.ghostscript.com/show_bug.cgi?id=698890

https://security.gentoo.org/glsa/201811-15

https://www.debian.org/security/2018/dsa-4334

http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=71ceebcf56e682504da22c4035b39a2d451e8ffd%3Bhp=7f82c01523505052615492f8e220f4348ba46995

http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=8a3257b01faa899dd9b5e35c6bb3403cd709c371%3Bhp=de39f005f12a1afc6973c1f5cec362d6545f70cb

http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=b2e7d38e845c7d4922d05e6e41f3a2dc1bc1b14a%3Bhp=f51836b9732c38d945b87fda0770009a77ba680c

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5490

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5501

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5503

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5511

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5564

https://bugs.ghostscript.com/show_bug.cgi?id=698882

https://bugs.ghostscript.com/show_bug.cgi?id=698886

https://bugs.ghostscript.com/show_bug.cgi?id=698888

https://bugs.ghostscript.com/show_bug.cgi?id=698890

https://security.gentoo.org/glsa/201811-15

https://www.debian.org/security/2018/dsa-4334