Cisco Blogs
Share

Arbitrary Code Execution Vulnerabilities in MuPDF Identified and Patched

- May 16, 2017 - 0 Comments

Talos is disclosing the presence of two vulnerabilities in the Artifex MuPDF renderer. MuPDF is a lightweight PDF parsing and rendering library featuring high fidelity graphics, high speed, and compact code size which makes it a fairly popular PDF library for embedding in different projects, especially mobile and web applications. Both of these vulnerabilities, if exploited, could lead to arbitrary code execution of an attacker’s choice on the target device. Both of these vulnerabilities have been responsibly disclosed and Artifex has released software updates to address these vulnerabilities.

Vulnerability Details

Two memory corruption vulnerabilities exist within Artifex MuPDF render that could result in arbitrary code execution if exploited. These two vulnerabilities manifest as a result of improperly parsing and handling parts of a PDF file.

Read more »

Tags:

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.

Share