CVE-2024-46657

Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
mitreCNA
---
---
CISA-ADPADP
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
VendorProductVersion
artifexmupdf
1.24.9
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mupdf
bullseye
unimportant
bullseye (security)
unimportant
bookworm
unimportant
forky
1.25.1+ds1-6
fixed
trixie
1.25.1+ds1-6
fixed
sid
1.25.1+ds1-7
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mupdf
plucky
not-affected
oracular
ignored
noble
needed
jammy
needed
focal
needed
bionic
needed
xenial
needed
Common Weakness Enumeration
References
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/diff/?id=b5c898a30f068b5342e8263a2cd5b9f0be291aac
https://gist.github.com/isumitpatel/615e6bd2621cb46b5d980ddb9db223e2
https://github.com/ArtifexSoftware/mupdf/commit/b5c898a30f068b5342e8263a2cd5b9f0be291aac