CVE-2014-2013
MuPDF 1.3 - 'xps_parse_color()' Stack Buffer Overflow
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
4
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element.
Desbordamiento de buffer basado en pila en la función xps_parse_color en xps/xps-common.c en MuPDF 1.3 y anteriores permite a atacantes remotos ejecutar código arbitrario a través de un número grande de entradas en el valor ContextColor del atributo Fill en un elemento Path.
Multiple vulnerabilities have been found in MuPDF, possibly resulting in remote code execution or Denial of Service. Versions less than 1.3_p20140118 are affected.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-01-20 First Exploit
- 2014-02-17 CVE Reserved
- 2014-03-03 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=60dabde18d7fe12b19da8b509bdfee9cc886aafc | X_refsource_confirm | |
| http://seclists.org/fulldisclosure/2014/Jan/130 | Mailing List |
|
| http://seclists.org/oss-sec/2014/q1/375 | Mailing List |
|
| http://secunia.com/advisories/58904 | Third Party Advisory | |
| http://www.osvdb.org/102340 | Vdb Entry | |
| http://www.securityfocus.com/bid/65036 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/31090 | 2014-01-20 | |
| http://bugs.ghostscript.com/show_bug.cgi?id=694957 | 2024-08-06 | |
| http://www.exploit-db.com/exploits/31090 | 2024-08-06 | |
| http://www.hdwsec.fr/blog/mupdf.html | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2014-02/msg00088.html | 2023-11-07 | |
| http://www.debian.org/security/2014/dsa-2951 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Artifex Search vendor "Artifex" | Mupdf Search vendor "Artifex" for product "Mupdf" | <= 1.3 Search vendor "Artifex" for product "Mupdf" and version " <= 1.3" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Mupdf Search vendor "Artifex" for product "Mupdf" | 1.0 Search vendor "Artifex" for product "Mupdf" and version "1.0" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Mupdf Search vendor "Artifex" for product "Mupdf" | 1.1 Search vendor "Artifex" for product "Mupdf" and version "1.1" | - |
Affected
| ||||||
| Artifex Search vendor "Artifex" | Mupdf Search vendor "Artifex" for product "Mupdf" | 1.2 Search vendor "Artifex" for product "Mupdf" and version "1.2" | - |
Affected
| ||||||