
[SECURITY] [DLA 1838-1] mupdf security update

Package        : mupdf
Version        : 1.5-1+deb8u6
CVE ID         : CVE-2018-5686 CVE-2019-6130 CVE-2018-6192
Debian Bug     : 887130 888487 918971

Several minor issues have been fixed in mupdf, a lightweight PDF viewer
tailored for display of high quality anti-aliased graphics.


    In MuPDF, there was an infinite loop vulnerability and application
    hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF
    was not considered. Remote attackers could leverage this
    vulnerability to cause a denial of service via a crafted PDF file.


    MuPDF had a SEGV in the function fz_load_page of the fitz/document.c
    file, as demonstrated by mutool. This was related to page-number
    mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c.


    In MuPDF, the pdf_read_new_xref function in pdf/pdf-xref.c allowed
    remote attackers to cause a denial of service (segmentation violation
    and application crash) via a crafted PDF file.

For Debian 8 "Jessie", these problems have been fixed in version

We recommend that you upgrade your mupdf packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunweaver@debian.org, http://sunweavers.net
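
Added example, not part of the advisory and not MuPDF source: a toy array parser in C showing the bug class described for pdf_parse_array, where a loop that waits for the closing bracket never terminates if end-of-file is not treated as an error. The lexer, the token names, the check_eof switch and the budget cap (which lets the flawed path return instead of hanging) are all assumptions made for illustration, and nested arrays are rejected to keep it short.

```c
#include <stdio.h>
#include <string.h>

enum tok { TOK_INT, TOK_OPEN, TOK_CLOSE, TOK_EOF, TOK_ERROR };
struct lexer { const char *buf; size_t len, pos; };
#define WOULD_HANG (-2L)

/* Toy lexer: once input is exhausted it returns TOK_EOF on every call. */
static enum tok next_tok(struct lexer *lx)
{
    while (lx->pos < lx->len && lx->buf[lx->pos] == ' ')
        lx->pos++;
    if (lx->pos >= lx->len) return TOK_EOF;
    char c = lx->buf[lx->pos++];
    if (c == '[') return TOK_OPEN;
    if (c == ']') return TOK_CLOSE;
    if (c < '0' || c > '9') return TOK_ERROR;
    while (lx->pos < lx->len && lx->buf[lx->pos] >= '0' && lx->buf[lx->pos] <= '9')
        lx->pos++;
    return TOK_INT;
}

/* Parse elements after '['. Returns the element count, -1 for malformed or
 * truncated input, WOULD_HANG when the iteration budget runs out.
 * check_eof == 0 models the flawed loop: TOK_EOF is skipped, never rejected. */
static long parse_array(struct lexer *lx, int check_eof, long budget)
{
    long n = 0;
    for (;;) {
        if (budget-- <= 0) return WOULD_HANG; /* demo cap only */
        switch (next_tok(lx)) {
        case TOK_CLOSE: return n;
        case TOK_INT:   n++; break;
        case TOK_EOF:   if (check_eof) return -1; /* hardened: stop at EOF */
                        break;                    /* flawed: keep looping */
        default:        return -1;
        }
    }
}

long parse_input(const char *s, int check_eof)
{
    struct lexer lx = { s, strlen(s), 0 };
    if (next_tok(&lx) != TOK_OPEN) return -1;
    return parse_array(&lx, check_eof, 10000);
}

int main(void)
{
    printf("truncated, no EOF check: %ld\n", parse_input("[1 2 3", 0));
    printf("truncated, EOF check:    %ld\n", parse_input("[1 2 3", 1));
    return 0;
}
```
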
