- ------------------------------------------------------------------------- Debian Security Advisory DSA-3655-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 26, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : mupdf CVE ID : CVE-2016-6265 CVE-2016-6525 Debian Bug : 832031 833417 Two vulnerabilities were discovered in MuPDF, a lightweight PDF viewer. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-6265 Marco Grassi discovered a use-after-free vulnerability in MuPDF. An attacker can take advantage of this flaw to cause an application crash (denial-of-service), or potentially to execute arbitrary code with the privileges of the user running MuPDF, if a specially crafted PDF file is processed. CVE-2016-6525 Yu Hong and Zheng Jihong discovered a heap overflow vulnerability within the pdf_load_mesh_params function, allowing an attacker to cause an application crash (denial-of-service), or potentially to execute arbitrary code with the privileges of the user running MuPDF, if a specially crafted PDF file is processed. For the stable distribution (jessie), these problems have been fixed in version 1.5-1+deb8u1. We recommend that you upgrade your mupdf packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected]
Debian: DSA-3655-1: mupdf security update
August 26, 2016
Two vulnerabilities were discovered in MuPDF, a lightweight PDF viewer
Summary
Two vulnerabilities were discovered in MuPDF, a lightweight PDF viewer. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-6265 Marco Grassi discovered a use-after-free vulnerability in MuPDF. An attacker can take advantage of this flaw to cause an application crash (denial-of-service), or potentially to execute arbitrary code with the privileges of the user running MuPDF, if a specially crafted PDF file is processed. CVE-2016-6525 Yu Hong and Zheng Jihong discovered a heap overflow vulnerability within the pdf_load_mesh_params function, allowing an attacker to cause an application crash (denial-of-service), or potentially to execute arbitrary code with the privileges of the user running MuPDF, if a specially crafted PDF file is processed. For the stable distribution (jessie), these problems have been fixed in version 1.5-1+deb8u1. We recommend that you upgrade your mupdf packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected]
Debian Security Advisory DSA-3655-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 26, 2016 https://www.debian.org/security/faq
Severity
Package : mupdf
CVE ID : CVE-2016-6265 CVE-2016-6525
Debian Bug : 832031 833417
News
HOWTOs
Features
Secure Linux Hosting for Businesses
What Is Threat Intelligence?
CloudLinux Simplifies & Enhances Linux Security with its TuxCare Unified Enterprise Support Services
LinuxSecurity, Leading Provider of Linux Security News and Information, Unveils its New Website
Biden’s New Executive Cybersecurity Order Highlights the Power of Open-Source Security
About Us
Powered By
