Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiffexpandcolormap() function when parsing TIFF files allowing attackers to cause a denial of service.
{ "vanir_signatures": [ { "id": "CVE-2020-19609-91bd22d4", "digest": { "threshold": 0.9, "line_hashes": [ "76920546631759322246527467490251199875", "340040321338536262114100541643141255870", "116442093724906783824796458210151561654", "39735944821352736364414258139594747771", "201723191520396315939464895643274110115", "20129206999309322410363543612250604961", "253549865349229191539173383921154422334", "69739083799557896998941262877448309888", "96840014772434106414225453686075656896", "269940169438491882205853047335703195872", "193123336443576537584243481354558573900", "470424901104694111857759229088345522", "148528187658349439914426295209030690800", "36862906143268150745729279185893731936", "14075825109739105745149694780895933509", "137502807814932668203387647412756923614", "97603555291672204948109317861153438342", "326261060561488912049801467062038365194", "255897402392510710039415928318102135017", "310965173133449292282000847890337953773" ] }, "signature_type": "Line", "target": { "file": "source/tools/murun.c" }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/artifexsoftware/mupdf/commit/ea5799e01730c4aa15cddd1023700e4f7b78cc27" }, { "id": "CVE-2020-19609-e21e7b3e", "digest": { "length": 23845.0, "function_hash": "251675964121664698738070537556026348583" }, "signature_type": "Function", "target": { "file": "source/tools/murun.c", "function": "murun_main" }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/artifexsoftware/mupdf/commit/ea5799e01730c4aa15cddd1023700e4f7b78cc27" } ] }