CVE-2018-1000051 : Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep

Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF.

Published 2018-02-09 23:29:02

Updated 2024-09-11 16:15:03

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory CorruptionDenial of service

Products affected by CVE-2018-1000051

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Artifex » Mupdf » Version: 1.12.0
cpe:2.3:a:artifex:mupdf:1.12.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-1000051

EPSS FAQ

0.22%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 59 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-1000051

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2018-1000051

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-1000051

https://security.gentoo.org/glsa/201811-15

MuPDF: Multiple vulnerabilities (GLSA 201811-15) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://bugs.ghostscript.com/show_bug.cgi?id=698825

698825 – ASAN/valgrind complaint when rendering document
Issue Tracking;Patch
https://bugs.ghostscript.com/show_bug.cgi?id=698873

698873 – AddressSanitizer: heap-use-after-free (/usr/local/bin/mupdf-gl+0x63a1ea) in fz_keep_key_storable
Exploit;Issue Tracking;Third Party Advisory
https://www.debian.org/security/2018/dsa-4152

Debian -- Security Information -- DSA-4152-1 mupdf
Third Party Advisory

CVEs referencing this url
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=321ba1de287016b0036bf4a56ce774ad11763384

mupdf.git - MuPDF library

Jump to

Vulnerability Details : CVE-2018-1000051

Products affected by CVE-2018-1000051

Exploit prediction scoring system (EPSS) score for CVE-2018-1000051

CVSS scores for CVE-2018-1000051

CWE ids for CVE-2018-1000051

References for CVE-2018-1000051