VDB
CVE-2017-5991
CVE-2017-5991
PUBLISHED
An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected.
EPSS 33.18% · 97.0th percentile
Risk Scores
EPSS Score
33.18%
97.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | mupdf | 1.7-1, 1.7a-1ubuntu0.1~esm1, 0 |
Exploit Intelligence
- https://bugs.ghostscript.com/show_bug.cgi?id=697500 (nist-nvd)
- https://www.exploit-db.com/exploits/42138/ (nist-nvd)
- CIRCL exploited: CVE-2017-5991 (circl-sighting)
- http://git.ghostscript.com/?p=mupdf.git%3Bh=1912de5f08e90af1d9d0a9791f58ba3afdb9d465 (circl)
- DSA-3797 (circl)
- GLSA-201706-08 (circl)
- 96213 (circl)
- Artifex MuPDF - Null Pointer Dereference Vulnerability (0day-today)
- Artifex MuPDF - Null Pointer Dereference Vulnerability (0day-today)
Timeline
- Feb 15, 2017 CVE Published
- Jun 7, 2017 PoC Published
- Jun 7, 2017 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-5991 third-party-advisory
- https://bugs.ghostscript.com/show_bug.cgi?id=697500 third-party-advisory
- http://git.ghostscript.com/?p=mupdf.git;h=1912de5f08e90af1d9d0a9791f58ba3afdb9d465 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-5991 third-party-advisory