CVE-2014-2013 : Stack-based buffer overflow in the xps_parse

Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element.

Published 2014-03-03 16:55:04

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2014-2013

Artifex » Mupdf
Versions up to, including, (<=) 1.3
cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:*
Matching versions
Artifex » Mupdf » Version: 1.0
cpe:2.3:a:artifex:mupdf:1.0:*:*:*:*:*:*:*
Matching versions
Artifex » Mupdf » Version: 1.2
cpe:2.3:a:artifex:mupdf:1.2:*:*:*:*:*:*:*
Matching versions
Artifex » Mupdf » Version: 1.1
cpe:2.3:a:artifex:mupdf:1.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-2013

EPSS FAQ

28.34%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 96 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-2013

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2014-2013

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-2013

http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=60dabde18d7fe12b19da8b509bdfee9cc886aafc

git.ghostscript.com Git - mupdf.git/commitdiff
http://www.osvdb.org/102340

404 Not Found
http://www.debian.org/security/2014/dsa-2951

Debian -- Security Information -- DSA-2951-1 mupdf
http://seclists.org/oss-sec/2014/q1/375

oss-sec: Re: CVE request: MuPDF Stack-based Buffer Overflow in xps_parse_color()
http://bugs.ghostscript.com/show_bug.cgi?id=694957

694957 – Stack-Based Buffer Overflow in xps_parse_color()
Exploit
http://www.hdwsec.fr/blog/mupdf.html

MuPDF
Exploit
http://www.securityfocus.com/bid/65036

MuPDF 'xps_parse_color()' Function Stack Buffer Overflow Vulnerability
http://secunia.com/advisories/58904

Sign in
http://lists.opensuse.org/opensuse-updates/2014-02/msg00088.html

openSUSE-SU-2014:0309-1: moderate: mupdf: fixed security problem
http://seclists.org/fulldisclosure/2014/Jan/130

Full Disclosure: 0day - MuPDF Stack-based Buffer Overflow in xps_parse_color()
http://www.exploit-db.com/exploits/31090

MuPDF 1.3 - 'xps_parse_color()' Stack Buffer Overflow - Windows local Exploit
Exploit
http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=60dabde18d7fe12b19da8b509bdfee9cc886aafc

git.ghostscript.com Git

Jump to

Vulnerability Details : CVE-2014-2013

Products affected by CVE-2014-2013

Exploit prediction scoring system (EPSS) score for CVE-2014-2013

CVSS scores for CVE-2014-2013

CWE ids for CVE-2014-2013

References for CVE-2014-2013