
Pair of Artifex MuPDF memory corruption vulnerabilities patched

Security researchers spotted a pair of memory corruption vulnerabilities in the Artifex MuPDF renderer, both of which have since been patched, according to a Talos blog post.

Both could lead to arbitrary code execution, the company reported.

Aleksandar Nikolic discovered TALOS-2016-0242 – MuPDF Fitz library font glyph scaling Code Execution Vulnerability, which Talos said is a heap out-of-bounds write vulnerability that shows up in the glyph scaling code.

Nikolic and Cory Duplantis spotted TALOS-2016-0243 – MuPDF Parser Code Execution Vulnerability, which the company said is a heap-based buffer overflow flaw found in JBIG2 image parsing for those images embedded in PDFs.

Attackers could exploit the vulnerabilities by crafting a PDF and delivering it as an email attachment or download for a victim to open, Talos said.
