Null pointer dereference in MuPDF - CVE-2017-5991
Published: June 6, 2017 / Updated: April 7, 2020
Vulnerability identifier: #VU6921
CSH Severity: Low
CVSS v4.0:
CVE-ID: CVE-2017-5991
CWE-ID: CWE-476
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: Artifex Software, Inc.
Affected software:
MuPDF
MuPDF
Detailed vulnerability description
An issue was discovered in Artifex Software, Inc. MuPDF before
1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function
in pdf-op-run.c encounters a NULL pointer dereference during a Fitz
fz_paint_pixmap_with_mask painting operation.
How to mitigate CVE-2017-5991
Update to version 1.11-r1.