CVE-2019-6130
First published: Fri Jan 11 2019(Updated: )
Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Artifex Mupdf | =1.14.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/106558
- https://bugs.ghostscript.com/show_bug.cgi?id=700446
- https://lists.debian.org/debian-lts-announce/2019/06/msg00027.html
- https://lists.debian.org/debian-lts-announce/2020/07/msg00019.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CNJNEX5EW6YH5OARXXSSXW4HHC5PIBSY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEK2EHVNREJ7XZMFF2MXRWKIF4IBHPNE/
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID is CVE-2019-6130.
What is the severity of CVE-2019-6130?
The severity of CVE-2019-6130 is medium with a severity value of 5.5.
What is the affected software?
The affected software is Artifex MuPDF version 1.14.0.
How can the vulnerability be exploited?
The vulnerability can be exploited by performing a specially crafted operation on MuPDF, which may lead to a segmentation fault and denial of service.
Are there any references related to this vulnerability?
Yes, you can find more information about this vulnerability in the following references: http://www.securityfocus.com/bid/106558, https://bugs.ghostscript.com/show_bug.cgi?id=700446, https://lists.debian.org/debian-lts-announce/2019/06/msg00027.html
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/weakness
- vendor/artifex
- canonical/artifex mupdf
- version/artifex mupdf/1.14.0