CVE-2020-16600
HIGH
7,8
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
MEDIUM
6,8
Source: [email protected]
Access Vector: network
Access Complexity: medium
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial
Description
AI Translation Available
A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previously freed memory instead of a newband_writer.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0030
Percentile
0,5th
Updated
EPSS Score Trend (Last 90 Days)
416
Use After Free
StableCommon Consequences
Security Scopes Affected:
Integrity
Availability
Confidentiality
Potential Impacts:
Modify Memory
Dos: Crash, Exit, Or Restart
Execute Unauthorized Code Or Commands
Applicable Platforms
Languages:
C, C++, Memory-Unsafe
Application
Mupdf by Artifex
CPE Identifier
View Detailed Analysis
cpe:2.3:a:artifex:mupdf:1.17.0:rc1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Mupdf by Artifex
Version Range Affected
To
1.16.1
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
http://git.ghostscript.com/?p=mupdf.git%3Bh=96751b25462f83d6e16a9afaf8980b0c3f9…
https://bugs.ghostscript.com/show_bug.cgi?id=702253
http://git.ghostscript.com/?p=mupdf.git%3Bh=96751b25462f83d6e16a9afaf8980b0c3f9…
https://bugs.ghostscript.com/show_bug.cgi?id=702253