| Severity |
|
| Remote |
|
| Type |
| + |
Arbitrary code execution |
|
| Description |
| + |
Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows an attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted. |
|
| References |
| + |
https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=55c3f68d638ac1263a386e0aaa004bb6e8bde731 |
| + |
https://bugs.ghostscript.com/show_bug.cgi?id=698819 |
| + |
https://github.com/mzet-/Security-Advisories/blob/master/mzet-adv-2017-01.md |
|
| Notes |
|