
Pair of Artifex MuPDF memory corruption vulnerabilities patched


Security researchers spotted a pair of memory corruption vulnerabilities in the Artifex MuPDF renderer, which have since been patched, according to a Talos blog post.

Both could lead to arbitrary code execution, the company reported.

Aleksandar Nikolic discovered TALOS-2016-0242 – MuPDF Fitz library font glyph scaling Code Execution Vulnerability, which Talos said is a heap out-of-bounds write vulnerability that shows up in the glyph scaling code.

Nikolic and Cory Duplantis spotted TALOS-2016-0243 – MuPDF Parser Code Execution Vulnerability, which the company said is a heap-based buffer overflow flaw in the parsing of JBIG2 images embedded in PDFs.

Attackers could exploit the vulnerabilities by crafting a PDF and delivering it as an email attachment or download for a victim to open, Talos said.
