From 071be4a5f2deb3372ef1122d98f5bf1764754b1b Mon Sep 17 00:00:00 2001
From: feld
Date: Wed, 12 Oct 2016 00:49:00 +0000
Subject: Document mupdf vulnerabilities

PR: 212207
Security: CVE-2016-6525
Security: CVE-2016-6265
---
 security/vuxml/vuln.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

(limited to 'security')

diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index b15e0fc52dd..8bcb6aae9cd 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,50 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + mupdf -- multiple vulnerabilities + + + mupdf + 1.9a_1,1 + + + llpp + 22_2 + + + zathura-pdf-mupdf + 0.3.0_2 + + + + +

Tobias Kortkamp reports:

+
+

Heap-based buffer overflow in the pdf_load_mesh_params + function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a + denial of service (crash) or execute arbitrary code via a large decode + array.

+

Use-after-free vulnerability in the pdf_load_xref function in + pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of + service (crash) via a crafted PDF file.

+
+ +
+ + http://openbsd-archive.7691.n7.nabble.com/mupdf-CVE-2016-6525-amp-CVE-2016-6265-td302904.html + http://bugs.ghostscript.com/show_bug.cgi?id=696941 + http://bugs.ghostscript.com/show_bug.cgi?id=696954 + CVE-2016-6525 + CVE-2016-6265 + 212207 + + + 2016-08-27 + 2016-10-12 + +
+ openjpeg -- multiple vulnerabilities -- cgit
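
Review bot: The affected-package list in the new mupdf entry names only mupdf (1.9a_1,1), llpp (22_2) and zathura-pdf-mupdf (0.3.0_2), while the context comment directly above it reminds authors not to forget port variants. Before this goes in, confirm that no other port that bundles or statically links MuPDF is missing, and that each of the three bounds is the first revision actually built with the fixes for pdf_load_mesh_params and pdf_load_xref. The description is introduced with "Tobias Kortkamp reports:" but the two quoted paragraphs are worded like CVE summaries; if they were copied from the CVE entries, the attribution line should name that source instead. A single discovery date of 2016-08-27 is given for two separately tracked upstream bugs (696941 and 696954); if their disclosure dates differ, use the earlier one.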