CVE-2019-6130 - OpenCVE

Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Artifex	Mupdf

Configuration 1 [-]

cpe:2.3:a:artifex:mupdf:1.14.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/106558
https://bugs.ghostscript.com/show_bug.cgi?id=700446
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=faf47b94e24314d74907f3f6bc874105f2c962ed
https://lists.debian.org/debian-lts-announce/2019/06/msg00027.html
https://lists.debian.org/debian-lts-announce/2020/07/msg00019.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNJNEX5EW6YH5OARXXSSXW4HHC5PIBSY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SEK2EHVNREJ7XZMFF2MXRWKIF4IBHPNE/

History

Wed, 11 Sep 2024 16:15:00 +0000

Type	Values Removed	Values Added
References		https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=faf47b94e24314d74907f3f6bc874105f2c962ed

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-01-11T05:00:00

Updated: 2024-09-11T15:56:35.805877

Reserved: 2019-01-10T00:00:00

Link: CVE-2019-6130

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-01-11T05:29:01.687

Modified: 2024-09-11T16:15:03.420

Link: CVE-2019-6130

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2019-6130", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-09-11T15:56:35.805877", "dateReserved": "2019-01-10T00:00:00", "datePublished": "2019-01-11T05:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-09-11T15:56:35.805877"}, "descriptions": [{"lang": "en", "value": "Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://bugs.ghostscript.com/show_bug.cgi?id=700446"}, {"name": "106558", "tags": ["vdb-entry"], "url": "http://www.securityfocus.com/bid/106558"}, {"name": "FEDORA-2019-befe3bd225", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SEK2EHVNREJ7XZMFF2MXRWKIF4IBHPNE/"}, {"name": "FEDORA-2019-15af6a9a07", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNJNEX5EW6YH5OARXXSSXW4HHC5PIBSY/"}, {"name": "[debian-lts-announce] 20190628 [SECURITY] [DLA 1838-1] mupdf security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00027.html"}, {"name": "[debian-lts-announce] 20200725 [SECURITY] [DLA 2289-1] mupdf security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00019.html"}, {"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=faf47b94e24314d74907f3f6bc874105f2c962ed"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "datePublic": "2019-01-10T00:00:00"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:16:24.555Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.ghostscript.com/show_bug.cgi?id=700446"}, {"name": "106558", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/106558"}, {"name": "FEDORA-2019-befe3bd225", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SEK2EHVNREJ7XZMFF2MXRWKIF4IBHPNE/"}, {"name": "FEDORA-2019-15af6a9a07", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNJNEX5EW6YH5OARXXSSXW4HHC5PIBSY/"}, {"name": "[debian-lts-announce] 20190628 [SECURITY] [DLA 1838-1] mupdf security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00027.html"}, {"name": "[debian-lts-announce] 20200725 [SECURITY] [DLA 2289-1] mupdf security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00019.html"}]}]}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:artifex:mupdf:1.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "48631AF2-1BED-4AD8-A18F-81D7B8921B0B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c."}, {"lang": "es", "value": "Artifex MuPDF 1.14.0 tiene un SEGV en la funci\u00f3n fz_load_page del archivo fitz/document.c, tal y como queda demostrado con mutool. Esto est\u00e1 relacionado con la mala gesti\u00f3n de p\u00e1gina-n\u00famero en cbz/mucbz.c, cbz/muimg.c y svg/svg-doc.c."}], "id": "CVE-2019-6130", "lastModified": "2024-09-11T16:15:03.420", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-11T05:29:01.687", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106558"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://bugs.ghostscript.com/show_bug.cgi?id=700446"}, {"source": "cve@mitre.org", "url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=faf47b94e24314d74907f3f6bc874105f2c962ed"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00027.html"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00019.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNJNEX5EW6YH5OARXXSSXW4HHC5PIBSY/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SEK2EHVNREJ7XZMFF2MXRWKIF4IBHPNE/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-118"}], "source": "nvd@nist.gov", "type": "Primary"}]}