ArchLinuxASA-201711-3[ASA-201711-3] mupdf-tools: arbitrary code execution
0.003 Low
EPSS
Percentile
68.6%
Arch Linux Security Advisory ASA-201711-3
Severity: High
Date : 2017-11-01
CVE-ID : CVE-2017-14685 CVE-2017-14686 CVE-2017-14687 CVE-2017-15587
Package : mupdf-tools
Type : arbitrary code execution
Remote : No
Link : https://security.archlinux.org/AVG-458
Summary
The package mupdf-tools before version 1.11-5 is vulnerable to
arbitrary code execution.
Resolution
Upgrade to 1.11-5.
pacman -Syu “mupdf-tools>=1.11-5”
The problems have been fixed upstream but no release is available yet.
Workaround
None.
Description
- CVE-2017-14685 (arbitrary code execution)
Artifex MuPDF 1.11 allows attackers to cause a denial of service or
possibly have unspecified other impact via a crafted .xps file. This
occurs because xps_load_links_in_glyphs in xps/xps-link.c does not
verify that an xps font could be loaded.
- CVE-2017-14686 (arbitrary code execution)
Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause
a denial of service via a crafted .xps file. This occurs because
read_zip_dir_imp in fitz/unzip.c does not check whether size fields in
a ZIP entry are negative numbers.
- CVE-2017-14687 (arbitrary code execution)
Artifex MuPDF 1.11 allows attackers to cause a denial of service or
possibly have unspecified other impact via a crafted .xps file. This
occurs because of mishandling of XML tag name comparisons.
- CVE-2017-15587 (arbitrary code execution)
An integer overflow leading to an out-of-bounds wrte has been found in
mupdf <= 1.11. The parsing of a crafted PDF might allow an attacker to
write controlled data to an arbitrary location in memory when
performing truncated xref checks.
Impact
An attacker is able to execute arbitrary code on the affected host by
providing a maliciously-crafted .xps or .pdf file.
References
http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=ab1a420613dec93c686acbee2c165274e922f82a
https://bugs.ghostscript.com/show_bug.cgi?id=698539
http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1
https://bugs.ghostscript.com/show_bug.cgi?id=698540
http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28
https://bugs.ghostscript.com/show_bug.cgi?id=698558
https://nandynarwhals.org/CVE-2017-15587/
http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8
https://security.archlinux.org/CVE-2017-14685
https://security.archlinux.org/CVE-2017-14686
https://security.archlinux.org/CVE-2017-14687
https://security.archlinux.org/CVE-2017-15587
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ArchLinux | any | any | mupdf-tools | < 1.11-5 | UNKNOWN |
References
git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1
git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28
git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8
git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=ab1a420613dec93c686acbee2c165274e922f82a
bugs.ghostscript.com/show_bug.cgi?id=698539
bugs.ghostscript.com/show_bug.cgi?id=698540
bugs.ghostscript.com/show_bug.cgi?id=698558
nandynarwhals.org/CVE-2017-15587/
security.archlinux.org/AVG-458
security.archlinux.org/CVE-2017-14685
security.archlinux.org/CVE-2017-14686
security.archlinux.org/CVE-2017-14687
security.archlinux.org/CVE-2017-15587
Related
