Arbitrary Code Execution and Denial of Service Vulnerability in Artifex MuPDF 1.11 via Crafted .xps File

CVE-2017-14686 · MEDIUM Severity

AV:N/AC:M/Au:N/C:P/I:P/A:P

Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers.
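The missing check described above, shown on a ZIP central directory header. This is an added example, not MuPDF's code: the function names, the `archive_size` parameter and the constructed sample header are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define CENTRAL_SIG 0x02014b50u  /* ZIP central directory file header */
#define CENTRAL_FIXED 46         /* fixed part of that header, in bytes */

static uint32_t le32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Flawed pattern: a size read into a signed int passes an upper-bound
 * check when the on-disk value has its top bit set (it is negative). */
int size_ok_signed(int32_t size, int32_t limit)
{
    return size <= limit;
}

/* Hardened check: returns 0 if the size fields are usable, -1 otherwise. */
int check_central_entry(const unsigned char *hdr, size_t len, size_t archive_size)
{
    if (len < CENTRAL_FIXED || le32(hdr) != CENTRAL_SIG)
        return -1;
    uint32_t csize = le32(hdr + 20);   /* compressed size */
    uint32_t usize = le32(hdr + 24);   /* uncompressed size */
    uint32_t offset = le32(hdr + 42);  /* local header offset */
    uint32_t max = (uint32_t)INT32_MAX;
    /* Reject anything that would be negative as a signed 32-bit int. */
    if (csize > max || usize > max || offset > max)
        return -1;
    /* The compressed data must fit inside the archive. */
    if (offset > archive_size || csize > archive_size - offset)
        return -1;
    return 0;
}

/* Constructed sample: build a header with the given size fields and check it. */
int check_sample(uint32_t csize, uint32_t usize, uint32_t offset, size_t archive_size)
{
    unsigned char hdr[CENTRAL_FIXED] = {0x50, 0x4b, 0x01, 0x02};
    uint32_t v[3] = {csize, usize, offset};
    int at[3] = {20, 24, 42};
    for (int i = 0; i < 3; i++)
        for (int b = 0; b < 4; b++)
            hdr[at[i] + b] = (unsigned char)(v[i] >> (8 * b));
    return check_central_entry(hdr, sizeof hdr, archive_size);
}
```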
