MuPDF is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
Attackers can exploit this issue to execute arbitrary code within the context of affected application or cause denial-of-service condition.
MuPDF 1.10a is affected; other versions may also be affected.
Information
Artifex Mupdf 1.10a
Exploit
The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.
References:
- MuPDF Homepage (MuPDF)
- mupdf: mujstest: stack-based buffer overflow in main (jstest_main.c) (Agostino Sarubbo)