CVE-2017-14686 - OpenCVE

Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Artifex	Mupdf
Microsoft	Windows

Configuration 1 [-]

AND

cpe:2.3:a:artifex:mupdf:1.11:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://git.ghostscript.com/?p=mupdf.git%3Bh=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1
http://www.debian.org/security/2017/dsa-4006
https://bugs.ghostscript.com/show_bug.cgi?id=698540
https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14686

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-09-22T06:00:00

Updated: 2024-08-05T19:34:39.459Z

Reserved: 2017-09-22T00:00:00

Link: CVE-2017-14686

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-09-22T06:29:00.267

Modified: 2023-11-07T02:39:09.980

Link: CVE-2017-14686

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-09-22T00:00:00", "descriptions": [{"lang": "en", "value": "Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a \"User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d\" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-04T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-4006", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-4006"}, {"tags": ["x_refsource_MISC"], "url": "http://git.ghostscript.com/?p=mupdf.git%3Bh=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.ghostscript.com/show_bug.cgi?id=698540"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14686"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-14686", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a \"User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d\" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-4006", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-4006"}, {"name": "http://git.ghostscript.com/?p=mupdf.git;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1", "refsource": "MISC", "url": "http://git.ghostscript.com/?p=mupdf.git;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1"}, {"name": "https://bugs.ghostscript.com/show_bug.cgi?id=698540", "refsource": "MISC", "url": "https://bugs.ghostscript.com/show_bug.cgi?id=698540"}, {"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14686", "refsource": "MISC", "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14686"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:34:39.459Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-4006", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-4006"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://git.ghostscript.com/?p=mupdf.git%3Bh=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.ghostscript.com/show_bug.cgi?id=698540"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14686"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-14686", "datePublished": "2017-09-22T06:00:00", "dateReserved": "2017-09-22T00:00:00", "dateUpdated": "2024-08-05T19:34:39.459Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:artifex:mupdf:1.11:*:*:*:*:*:*:*", "matchCriteriaId": "13F18A1A-67A7-471B-AD7A-29F65DF4F2BD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a \"User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d\" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers."}, {"lang": "es", "value": "La versi\u00f3n 1.11 de Artifex MuPDF permite que los atacantes ejecuten c\u00f3digo arbitrario o que provoquen una denegaci\u00f3n de servicio mediante un archivo .xps manipulado, relacionado con \"User Mode Write AV comenzando en wow64!Wow64NotifyDebugger+0x000000000000001d\" en Windows. Esto ocurre porque read_zip_dir_imp en fitz/unzip.c no comprueba si los campos de tama\u00f1o en una entrada ZIP son n\u00fameros negativos."}], "id": "CVE-2017-14686", "lastModified": "2023-11-07T02:39:09.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-22T06:29:00.267", "references": [{"source": "cve@mitre.org", "url": "http://git.ghostscript.com/?p=mupdf.git%3Bh=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2017/dsa-4006"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://bugs.ghostscript.com/show_bug.cgi?id=698540"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14686"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}