CVE-2018-1000040 — Vulnetix

CVE-2018-1000040 PUBLISHED

In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.

EPSS 0.26% · 49.7th percentile

Risk Scores

EPSS Score

0.26%

49.7th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:Pro:18.04:LTS	mupdf	0, 1.11+ds1-1.1, 1.11+ds1-2
Ubuntu:Pro:16.04:LTS	mupdf	0, 1.7-1, 1.7a-1

Timeline

May 24, 2018 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Oct 25, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 27, 2022 EPSS Score
May 1, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Nov 5, 2022 EPSS Score
Jan 7, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2018-1000040 third-party-advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5596 third-party-advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5600 third-party-advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5603 third-party-advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5609 third-party-advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5610 third-party-advisory
http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=83d4dae44c71816c084a635550acc1a51529b881;hp=f597300439e62f5e921f0d7b1e880b5c1a1f1607 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2018-1000040 third-party-advisory

Open in Interactive Console →