mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-09 23:27:33 +02:00
0xMarcio
882 B
882 B
CVE-2017-14686
Description
Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers.
POC
Reference
- https://bugs.ghostscript.com/show_bug.cgi?id=698540
- https://bugs.ghostscript.com/show_bug.cgi?id=698540
Github
No PoCs found on GitHub currently.