CVE-2024-46657 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CISA-ADP	ADP	5.5 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 16%

Affected Products (NVD)

Vendor	Product	Version
artifex	mupdf	1.24.9

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

mupdf

bookworm	unimportant
bullseye	unimportant
bullseye (security)	unimportant
forky	1.25.1+ds1-7 fixed
sid	1.25.1+ds1-9 fixed
trixie	1.25.1+ds1-6 fixed

Ubuntu Releases

Ubuntu Product

Codename

mupdf

bionic	not-affected
focal	Fixed 1.16.1+ds1-1ubuntu1+esm2 released
jammy	Fixed 1.19.0+ds1-2ubuntu0.1~esm1 released
noble	Fixed 1.23.10+ds1-1ubuntu0.1~esm1 released
oracular	ignored
plucky	not-affected
questing	not-affected
xenial	not-affected

Known Exploits!

https://gist.github.com/isumitpatel/615e6bd2621cb46b5d980ddb9db223e2

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/diff/?id=b5c898a30f068b5342e8263a2cd5b9f0be291aac

https://gist.github.com/isumitpatel/615e6bd2621cb46b5d980ddb9db223e2

https://github.com/ArtifexSoftware/mupdf/commit/b5c898a30f068b5342e8263a2cd5b9f0be291aac