CVE-2016-8674

Name: CVE-2016-8674
Creator: NVD / NIST
Published: 2017-02-15T21:59:00.307+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.38%

Last modified Jun 17, 2026

CVE-2016-8674 is a vulnerability of currently unknown severity. The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file.. EPSS estimates a 1.38% chance of exploitation in the next 30 days.

Description

The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file.

Metrics

EPSS Probability

1.38%

68.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-416

Affected Software

Vendor	Product	Versions
Artifex	Mupdf	<= 1.9a

References

http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=1e03c06456d997435019fb3526fa2d4be7dbc6ec
http://www.debian.org/security/2017/dsa-3797
http://www.openwall.com/lists/oss-security/2016/10/16/8Mailing List, Patch, Third Party Advisory
http://www.securityfocus.com/bid/93127Third Party Advisory, VDB Entry
https://blogs.gentoo.org/ago/2016/09/22/mupdf-use-after-free-in-pdf_to_num-pdf-object-c/Patch, Third Party Advisory, VDB Entry
https://bugs.ghostscript.com/show_bug.cgi?id=697015Issue Tracking, Patch
https://bugs.ghostscript.com/show_bug.cgi?id=697019Issue Tracking, Patch
https://bugzilla.redhat.com/show_bug.cgi?id=1385685Issue Tracking, Patch
http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=1e03c06456d997435019fb3526fa2d4be7dbc6ec
http://www.debian.org/security/2017/dsa-3797
http://www.openwall.com/lists/oss-security/2016/10/16/8Mailing List, Patch, Third Party Advisory
http://www.securityfocus.com/bid/93127Third Party Advisory, VDB Entry
https://blogs.gentoo.org/ago/2016/09/22/mupdf-use-after-free-in-pdf_to_num-pdf-object-c/Patch, Third Party Advisory, VDB Entry
https://bugs.ghostscript.com/show_bug.cgi?id=697015Issue Tracking, Patch
https://bugs.ghostscript.com/show_bug.cgi?id=697019Issue Tracking, Patch
https://bugzilla.redhat.com/show_bug.cgi?id=1385685Issue Tracking, Patch

Timeline

Published: Feb 15, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-8674?

The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file.

How severe is CVE-2016-8674?

Severity scoring for CVE-2016-8674 is pending analysis. The EPSS model estimates a 1.38% probability of exploitation in the next 30 days.

How do I fix CVE-2016-8674?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-8674?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST