ID

VAR-E-201608-0513


CVE

cve_id:CVE-2016-6525

Trust: 0.3

sources: BID: 92266

TITLE

MuPDF CVE-2016-6525 Heap Corruption Denial of Service Vulnerability

Trust: 0.3

sources: BID: 92266

DESCRIPTION

MuPDF is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to crash the affected application, resulting in denial-of-service conditions. Due to the nature of this issue, code execution may be possible but this has not been confirmed.

Trust: 0.3

sources: BID: 92266

AFFECTED PRODUCTS

vendor:mupdfmodel:mupdfscope:eqversion:1.9

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

sources: BID: 92266

EXPLOIT

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

Trust: 0.3

sources: BID: 92266

PRICE

Free

Trust: 0.3

sources: BID: 92266

TYPE

Boundary Condition Error

Trust: 0.3

sources: BID: 92266

CREDITS

redrain root.

Trust: 0.3

sources: BID: 92266

EXTERNAL IDS

db:NVDid:CVE-2016-6525

Trust: 0.3

db:BIDid:92266

Trust: 0.3

sources: BID: 92266

REFERENCES

url:http://bugs.ghostscript.com/show_bug.cgi?id=696954

Trust: 0.3

url:http://www.mupdf.com/

Trust: 0.3

url:http://seclists.org/oss-sec/2016/q3/241

Trust: 0.3

url:http://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e

Trust: 0.3

sources: BID: 92266

SOURCES

db:BIDid:92266

LAST UPDATE DATE

2022-07-27T09:15:18.677000+00:00


SOURCES UPDATE DATE

db:BIDid:92266date:2017-03-07T02:05:00

SOURCES RELEASE DATE

db:BIDid:92266date:2016-08-02T00:00:00