Vulnerability Details
Two memory corruption vulnerabilities exist within Artifex MuPDF render that could result in arbitrary code execution if exploited. These two vulnerabilities manifest as a result of improperly parsing and handling parts of a PDF file.-
TALOS-2016-0242 - MuPDF Fitz library font glyph scaling Code Execution Vulnerability
This is a heap out-of-bounds write vulnerability that manifests in the glyph scaling code when a font glyph must be scaled down.
Vulnerability identified by Aleksandar Nikolic.
-
TALOS-2016-0243 - MuPDf JBIG2 Parser Code Execution Vulnerability
This is a heap-based buffer overflow vulnerability that manifests in the JBIG2 image parsing functionality for JBIG2 images that are embedded in a PDF.
Vulnerability identified by Aleksandar Nikolic and Cory Duplantis.
For the full technical details of these vulnerabilities, please refer to the vulnerability advisories that are posted on our website:
http://www.talosintelligence.com/vulnerability-reports/
Coverage
The following Snort Rules detect attempts to exploit these MuPDF vulnerabilities. Please note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For all current rule information, please refer to your Firepower Management Center or Snort.org.Snort Rules: 41470-41471, 41224-41225
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.