[Secure-testing-team] Bug#888487: mupdf: CVE-2018-6192
Salvatore Bonaccorso
carnil at debian.org
Fri Jan 26 10:00:56 UTC 2018
Source: mupdf
Version: 1.11+ds1-2
Severity: important
Tags: security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698916
Hi,
the following vulnerability was published for mupdf.
CVE-2018-6192[0]:
| In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in
| pdf/pdf-xref.c allows remote attackers to cause a denial of service
| (segmentation violation and application crash) via a crafted pdf file.
The issue is verifiable with an ASAN build for the unstable version
with the PoC files attached to the upstream bug.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-6192
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6192
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore