Debian 8 mupdf DLA-1838-1 Critical: Denial of Service Issues
debian lts
June 28, 2019
Several minor issues have been fixed in mupdf, a lightweight PDF viewer tailored for display of high quality anti-aliased graphics
Topics Covered
Summary
CVE-2018-5686
In MuPDF, there was an infinite loop vulnerability and application
hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF
not having been considered. Remote attackers could leverage this
vulnerability to cause a denial of service via a crafted PDF file.
CVE-2019-6130
MuPDF had a SEGV in the function fz_load_page of the fitz/document.c
file, as demonstrated by mutool. This was related to page-number
mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c.
CVE-2018-6192
In MuPDF, the pdf_read_new_xref function in pdf/pdf-xref.c allowed
remote attackers to cause a denial of service (segmentation violation
and application crash) via a crafted PDF file.
For Debian 8 "Jessie", these problems have been fixed in version
1.5-1+deb8u6.
We recommend that you upgrade your mupdf packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
<pre><font face="Courier">Package: mupdf
Version: 1.5-1+deb8u6
CVE ID: CVE-2018-5686 CVE-2019-6130 CVE-2018-6192
Debian Bug: 887130 888487 918971
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!