Severity |
|
Remote |
|
Type |
+ |
Arbitrary code execution |
|
Description |
+ |
Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows an attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted. |
|
References |
+ |
https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=55c3f68d638ac1263a386e0aaa004bb6e8bde731 |
+ |
https://bugs.ghostscript.com/show_bug.cgi?id=698819 |
+ |
https://github.com/mzet-/Security-Advisories/blob/master/mzet-adv-2017-01.md |
|
Notes |
|