CVE-2019-14975
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-14975
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-14975.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-14975
- Published
- 2019-08-14T13:15:11.127Z
- Modified
- 2025-11-20T10:57:18.338454Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string.
- References
Affected packages
Git / github.com/artifexsoftware/mupdf
Affected ranges
- Type
- GIT
- Repo
- https://github.com/artifexsoftware/mupdf
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1.*
1.0
1.0rc1
1.1
1.1-forms-tech-preview
1.10
1.10-rc1
1.10-rc2
1.11
1.11-rc1
1.11.1
1.12.0
1.13.0
1.13.0-rc1
1.14.0
1.14.0-rc1
1.15.0
1.15.0-rc1
1.16.0-rc1
1.2
1.3
1.3rc1
1.4
1.4-ios
1.5
1.5-ios
1.5-ios-appstore
1.5-ios-rc6
1.5-ios-rc7
1.5-ios-rc8
1.6
1.6-appstore
1.6-ios-rc1
1.6-ios-rc2
1.7
1.7-rc1
1.7a
1.8
1.9
1.9-rc1
1.9-rc2
1.9a
Other
android-release-60
Database specific
vanir_signatures
[
{
"digest": {
"length": 526.0,
"function_hash": "22132210666855297300176127861558687407"
},
"id": "CVE-2019-14975-33736a38",
"source": "https://github.com/artifexsoftware/mupdf/commit/97096297d409ec6f206298444ba00719607e8ba8",
"signature_type": "Function",
"target": {
"file": "source/pdf/pdf-op-filter.c",
"function": "walk_string"
},
"signature_version": "v1",
"deprecated": false
},
{
"digest": {
"length": 1071.0,
"function_hash": "141360480732212080125857994768008432067"
},
"id": "CVE-2019-14975-88e35d90",
"source": "https://github.com/artifexsoftware/mupdf/commit/97096297d409ec6f206298444ba00719607e8ba8",
"signature_type": "Function",
"target": {
"file": "source/pdf/pdf-op-filter.c",
"function": "pdf_filter_BDC"
},
"signature_version": "v1",
"deprecated": false
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"336948674945074745165323003803061038331",
"228337066716575288865050937022077940283",
"221656355058970566685508219425163779943",
"96870174159668763310029628934872690651",
"132260105859989465243209083360715307007",
"156523484220526223878434138564142152064",
"237780298518384655629887639151886969117",
"225615008956946599777289946369504370065",
"153032065490437228956521532626920716668",
"146418026606449473965403155346357245718",
"173211069242037704485409803972333275309",
"4033915920651572327456290482267201087",
"276850222891534954924501491169626045829",
"279798060542120627889388004407248540488",
"51614699048720659976661558639751357501",
"140943939192747534559147218900914908563",
"20403510788494967940778370452567685346",
"236282834812402812549301621475385993094",
"244787211655720358352757263539100059404",
"103858003738723191802654080744488764322",
"99904283467154005579812588181627296100",
"247480876744661099795709733178890625665",
"205501670981160718848552754477434809912"
]
},
"id": "CVE-2019-14975-fc6a829e",
"source": "https://github.com/artifexsoftware/mupdf/commit/97096297d409ec6f206298444ba00719607e8ba8",
"signature_type": "Line",
"target": {
"file": "source/pdf/pdf-op-filter.c"
},
"signature_version": "v1",
"deprecated": false
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-14975.json"