VDB
CVE-2018-1000037
CVE-2018-1000037
PUBLISHED
In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file.
EPSS 0.30% · 53.9th percentile
Risk Scores
EPSS Score
0.30%
53.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:18.04:LTS | mupdf | 1.11+ds1-1.1, 1.11+ds1-2, 1.12.0+ds1-1 |
| Ubuntu:Pro:16.04:LTS | mupdf | 0, 1.7-1, 1.7a-1ubuntu0.1~esm1 |
Timeline
- May 24, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
- Jan 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-1000037 third-party-advisory
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5490 third-party-advisory
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5501 third-party-advisory
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5503 third-party-advisory
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5511 third-party-advisory
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5564 third-party-advisory
- http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995 third-party-advisory
- http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=8a3257b01faa899dd9b5e35c6bb3403cd709c371;hp=de39f005f12a1afc6973c1f5cec362d6545f70cb third-party-advisory
- http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=b2e7d38e845c7d4922d05e6e41f3a2dc1bc1b14a;hp=f51836b9732c38d945b87fda0770009a77ba680c third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-1000037 third-party-advisory