Pair of Artifex MuPDF memory corruption vulnerabilities patched | SC Media

May 17, 2017

Security researchers spotted a pair of memory corruption vulnerabilities in the Artifex MuPDF renderer, which have since been patched, according to a Talos blog post.

Both could lead to arbitrary code execution, the company reported.

Aleksandar Nikolic discovered TALOS-2016-0242 – MuPDF Fitz library font glyph scaling Code Execution Vulnerability, which Talos said is a heap out-of-bounds write vulnerability that shows up in the glyph scaling code.

Nikolic and Cory Duplantis spotted TALOS-2016-0243 – MuPDF Parser Code Execution Vulnerability, which the company said is a heap-based buffer overflow flaw in the parsing of JBIG2 images embedded in PDFs.

Attackers could exploit the vulnerabilities by crafting a PDF and delivering it as an email attachment or download for a victim to open, Talos said.
