https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51104 https://github.com/dongyuma/sox-defects/blob/main/mupdf-defects.md#4-a-floating-point-exception-divide-by-zero-issue-was-discovered-in-mupdf-in-functon-pnm_binary_read_image-of-load-pnmc-in-line-519 A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in functon pnm_binary_read_image() of load-pnm.c line 527.
Fixed in commit 0c06a4e51519515615f6ab2d5b1f25da6771e1f4 Author: Sebastian Rasmussen <sebras@gmail.com> Date: Fri Mar 1 22:05:33 2024 +0800 Bug 707621: Add assert ensuring that there is > 0 components. CVE-2023-51104 reports that pnm_binary_read_image() may end up in a division by zero. After deducing that the issue originates from clang's scan-build-17 and studying its reported issues, the source code of pnm_read_image() and pnm_binary_read_image() were analyzed. What scan-build-17 fails to realize is that pnm_read_image() guarantees that the number of components in the passed colorspace is either 1 or 3. The best way to avoid getting similar CVEs is to add a redundant assert() for the number of components. After this scan-build-17's reports about division by zero in pnm_binary_read_image() disappear and thus this eliminate CVE-2023-51104.