Incorrect Access of Indexable Resource ('Range Error')

CVE-2019-6130

Medium

5.5/10

Summary

Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files.

References

Advisory Timeline

Published Jan 11, 2019

Incorrect Access of Indexable Resource ('Range Error')

CVE-2019-6130

Summary

CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS