Debian LTS: DLA-1838-1: mupdf security update

    Date28 Jun 2019
    CategoryDebian LTS
    648
    Posted ByLinuxSecurity Advisories
    Several minor issues have been fixed in mupdf, a lightweight PDF viewer tailored for display of high quality anti-aliased graphics.
    Package        : mupdf
    Version        : 1.5-1+deb8u6
    CVE ID         : CVE-2018-5686 CVE-2019-6130 CVE-2018-6192
    Debian Bug     : 887130 888487 918971
    
    
    Several minor issues have been fixed in mupdf, a lightweight PDF viewer
    tailored for display of high quality anti-aliased graphics.
    
    CVE-2018-5686
    
        In MuPDF, there was an infinite loop vulnerability and application
        hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF
        not having been considered. Remote attackers could leverage this
        vulnerability to cause a denial of service via a crafted PDF file.
    
    CVE-2019-6130
    
        MuPDF had a SEGV in the function fz_load_page of the fitz/document.c
        file, as demonstrated by mutool. This was related to page-number
        mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c.
    
    CVE-2018-6192
    
        In MuPDF, the pdf_read_new_xref function in pdf/pdf-xref.c allowed
        remote attackers to cause a denial of service (segmentation violation
        and application crash) via a crafted PDF file.
    
    For Debian 8 "Jessie", these problems have been fixed in version
    1.5-1+deb8u6.
    
    We recommend that you upgrade your mupdf packages.
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    
    -- 
    
    mike gabriel aka sunweaver (Debian Developer)
    fon: +49 (1520) 1976 148
    
    GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
    mail: This email address is being protected from spambots. You need JavaScript enabled to view it., http://sunweavers.net
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"5","type":"x","order":"1","pct":100,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"0","type":"x","order":"3","pct":0,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.