CVE-2023-51105

7.5 HIGH

📋 TL;DR

A divide-by-zero vulnerability in Artifex MuPDF's BMP image processing allows attackers to crash the application via specially crafted BMP files. This affects all users of MuPDF 1.23.4 and earlier versions that process untrusted BMP images. The vulnerability can lead to denial of service and potential memory corruption.

💻 Affected Systems

Products:
  • Artifex MuPDF
Versions: 1.23.4 and earlier versions
Operating Systems: All platforms running MuPDF
Default Config Vulnerable: ⚠️ Yes
Notes: All installations that process BMP images are vulnerable. The vulnerability is in the core library and affects all configurations.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution through memory corruption following the floating point exception, potentially allowing full system compromise.

🟠 Likely Case

Application crash (denial of service) when processing malicious BMP files, potentially disrupting document processing workflows.

🟢 If Mitigated

Controlled crash with no data loss if application runs with proper privilege separation and input validation.

🌐 Internet-Facing: MEDIUM - Exploitation requires processing malicious BMP files, which could be delivered via web applications or email attachments.
🏢 Internal Only: LOW - Risk primarily exists when processing untrusted documents from external sources.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept available in public repositories. Exploitation requires delivering a malicious BMP file to be processed by MuPDF.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit cee86dc519d5270a3b96476ad15809ceace64a26

Vendor Advisory: https://bugs.ghostscript.com/show_bug.cgi?id=707622

Restart Required: Yes

Instructions:

1. Update MuPDF to a version after commit cee86dc519d5270a3b96476ad15809ceace64a26
2. Rebuild from source or obtain patched binaries
3. Restart all MuPDF processes and dependent applications

🔧 Temporary Workarounds

Disable BMP processing (all platforms)

Configure MuPDF to reject or skip BMP file processing by modifying the MuPDF configuration to disable BMP support.

Input validation (all platforms)

Implement file type validation before passing files to MuPDF, for example by adding BMP file validation in wrapper scripts or applications.

🧯 If You Can't Patch

  • Implement strict file upload controls to block BMP files from untrusted sources
  • Run MuPDF in sandboxed/containerized environments with limited privileges

🔍 How to Verify

Check if Vulnerable:

Check MuPDF version with 'mupdf --version' and verify if it's 1.23.4 or earlier

Check Version:

mupdf --version

Verify Fix Applied:

Verify that the build includes commit cee86dc519d5270a3b96476ad15809ceace64a26, or test with known malicious BMP files

📡 Detection & Monitoring

Log Indicators:

  • Floating point exception errors
  • SIGFPE signals
  • MuPDF crash logs with bmp_decompress_rle4 stack traces

Network Indicators:

  • Unusual BMP file transfers to systems running MuPDF

SIEM Query:

process_name:"mupdf" AND (event_type:"crash" OR error_message:"floating point" OR error_message:"divide by zero")
