Arch Linux Security Advisory ASA-201801-27

Severity: High
Date : 2018-01-30
CVE-ID : CVE-2017-17858
Package : mupdf
Type : arbitrary code execution
Remote : No
Link : https://security.archlinux.org/AVG-599

Summary

The package mupdf before version 1.12.0-2 is vulnerable to arbitrary
code execution.

Resolution

Upgrade to 1.12.0-2.

pacman -Syu “mupdf>=1.12.0-2”

The problem has been fixed upstream but no release is available yet.

Workaround

None.

Description

Heap-based buffer overflow in the ensure_solid_xref function in
pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows an attacker to
potentially execute arbitrary code via a crafted PDF file, because xref
subsection object numbers are unrestricted.

Impact

An attacker is able to execute arbitrary code on the affected host by
tricking the user to open or process a maliciously crafted PDF
document.

References

https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=55c3f68d638ac1263a386e0aaa004bb6e8bde731
https://bugs.ghostscript.com/show_bug.cgi?id=698819
https://github.com/mzet-/Security-Advisories/blob/master/mzet-adv-2017-01.md
https://security.archlinux.org/CVE-2017-17858