VDB
CVE-2024-46657
CVE-2024-46657
PUBLISHED
CVSS 5.5 MEDIUM
Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
EPSS 0.03% · 9.2th percentile
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
0.03%
9.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| artifex | mupdf | 1.24.9 |
| n/a | n/a | * |
Exploit Intelligence
- CIRCL seen: CVE-2024-46657 (circl-sighting)
- CIRCL seen: CVE-2024-46657 (circl-sighting)
- https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/diff/?id=b5c898a30f068b5342e8263a2cd5b9f0be291aac (circl)
- https://github.com/ArtifexSoftware/mupdf/commit/b5c898a30f068b5342e8263a2cd5b9f0be291aac (circl)
- Segmentation Fault in `mutool extract` (osv)
Timeline
- Jan 21, 1970 GitHub Gist PoC
- Dec 10, 2024 CVE Published
- Dec 10, 2024 PoC Published
- Dec 10, 2024 PoC Published
- Dec 11, 2024 EPSS Score
- Dec 11, 2024 CVE Updated
- Dec 28, 2024 EPSS Score
- Jan 13, 2025 EPSS Score
- Jan 30, 2025 EPSS Score
- Feb 16, 2025 EPSS Score
- Mar 5, 2025 EPSS Score
- Mar 21, 2025 EPSS Score
References
- https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/diff/?id=b5c898a30f068b5342e8263a2cd5b9f0be291aac url
- https://github.com/ArtifexSoftware/mupdf/commit/b5c898a30f068b5342e8263a2cd5b9f0be291aac url
- https://gist.github.com/isumitpatel/615e6bd2621cb46b5d980ddb9db223e2 url
- https://nvd.nist.gov/vuln/detail/CVE-2024-46657 advisory