CVE-2020-19609

Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service.
Configurations

Configuration 1 (hide)

cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

07 Nov 2023, 03:19

Type Values Removed Values Added
References
  • {'url': 'http://git.ghostscript.com/?p=mupdf.git;h=b7892cdc7fae62aa57d63ae62144e1f11b5f9275', 'name': 'http://git.ghostscript.com/?p=mupdf.git;h=b7892cdc7fae62aa57d63ae62144e1f11b5f9275', 'tags': ['Patch', 'Vendor Advisory'], 'refsource': 'MISC'}
  • () http://git.ghostscript.com/?p=mupdf.git%3Bh=b7892cdc7fae62aa57d63ae62144e1f11b5f9275 -

14 Dec 2021, 22:08

Type Values Removed Values Added
CPE cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
References (MLIST) https://lists.debian.org/debian-lts-announce/2021/09/msg00013.html - (MLIST) https://lists.debian.org/debian-lts-announce/2021/09/msg00013.html - Third Party Advisory

24 Sep 2021, 00:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2021/09/msg00013.html -

29 Jul 2021, 19:21

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 4.3
v3 : 5.5
CWE CWE-787
CPE cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:*
References (MISC) http://git.ghostscript.com/?p=mupdf.git;h=b7892cdc7fae62aa57d63ae62144e1f11b5f9275 - (MISC) http://git.ghostscript.com/?p=mupdf.git;h=b7892cdc7fae62aa57d63ae62144e1f11b5f9275 - Patch, Vendor Advisory
References (MISC) https://bugs.ghostscript.com/show_bug.cgi?id=701176 - (MISC) https://bugs.ghostscript.com/show_bug.cgi?id=701176 - Issue Tracking, Patch, Vendor Advisory
References (MISC) https://bugs.ghostscript.com/show_bug.cgi?id=703076 - (MISC) https://bugs.ghostscript.com/show_bug.cgi?id=703076 - Exploit, Issue Tracking, Vendor Advisory

21 Jul 2021, 15:21

Type Values Removed Values Added
New CVE

Information

Published : 2021-07-21 15:15

Updated : 2023-12-10 13:55


NVD link : CVE-2020-19609

Mitre link : CVE-2020-19609

CVE.ORG link : CVE-2020-19609


JSON object : View

Products Affected

debian

  • debian_linux

artifex

  • mupdf
CWE
CWE-787

Out-of-bounds Write