vendor:
MuPDF, Sumatra
by:
None
7,8
CVSS
HIGH
Integer Overflow
190
CWE
Product Name: MuPDF, Sumatra
Affected Version From: MuPDF 1.0
Affected Version To: MuPDF for iOS 1.1, Sumatra 2.1.1
Patch Exists: YES
Related CWE: CVE-2012-5340
CPE: None
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: None
2012
Sumatra 2.1.1/MuPDF 1.0 Integer Overflow
There is an integer overflow on the MuPDF in the lex_number() function which can be triggered using a corrupt PDF file with ObjStm.
Mitigation:
Update to the latest version of MuPDF library.
