[ASA-201801-27] mupdf: arbitrary code execution

2018-01-30T00:00:00
ID ASA-201801-27
Type archlinux
Reporter ArchLinux
Modified 2018-01-30T00:00:00

Description

Arch Linux Security Advisory ASA-201801-27

Severity: High
Date    : 2018-01-30
CVE-ID  : CVE-2017-17858
Package : mupdf
Type    : arbitrary code execution
Remote  : No
Link    : https://security.archlinux.org/AVG-599

Summary

The package mupdf before version 1.12.0-2 is vulnerable to arbitrary code execution.

Resolution

Upgrade to 1.12.0-2.

pacman -Syu "mupdf>=1.12.0-2"

The problem has been fixed upstream but no release is available yet.

Workaround

None.

Description

Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows an attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted.
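The defect class named above (a subsection header whose object numbers are never range-checked, so the value that sizes or indexes the heap-allocated xref table can be negative, huge, or overflow) is shown here with an added, self-contained C model. This is illustration code, not MuPDF's real ensure_solid_xref or pdf-xref.c; the xref_table and xref_entry types, the MAX_OBJECT_NUMBER cap (the implementation limit from ISO 32000-1 Annex C) and the function names are assumptions, and the sample subsection in main() is constructed. It shows the check a parser needs before growing the table, and why its absence turns a crafted "start len" pair into an out-of-bounds heap write.

```c
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of a "solid" xref table: one slot per object number.
 * Added illustration only, not MuPDF's actual data structures. */
typedef struct {
    int type;     /* 'n' in use, 'f' free, 0 never set */
    long offset;  /* byte offset of the object within the file */
} xref_entry;

typedef struct {
    xref_entry *table;
    int len;      /* number of slots currently allocated */
} xref_table;

/* Assumed cap on object numbers: the implementation limit for indirect
 * objects given in ISO 32000-1, Annex C. A subsection claiming more than
 * this is not something a legitimate writer produces. */
#define MAX_OBJECT_NUMBER 8388607

/* Reject an xref subsection header "start len" that a sane file cannot have.
 * Without these checks a negative or very large start/len feeds straight into
 * the size computation: start + len can wrap or go negative, the table is
 * left too small (or not grown at all), and the copy loop below then writes
 * past the end of the heap buffer. Returns 1 if acceptable, 0 otherwise. */
int subsection_in_range(int start, int len)
{
    if (start < 0 || len < 0)
        return 0;
    if (start > INT_MAX - len)               /* start + len would overflow */
        return 0;
    if (start + len > MAX_OBJECT_NUMBER + 1) /* beyond the object-number cap */
        return 0;
    return 1;
}

/* Grow the table so it holds at least 'num' slots; new slots are zeroed.
 * Returns 0 on success, -1 on allocation failure. */
int ensure_solid_xref_checked(xref_table *xref, int num)
{
    if (num <= xref->len)
        return 0;
    xref_entry *grown = realloc(xref->table, (size_t)num * sizeof *grown);
    if (!grown)
        return -1;
    memset(grown + xref->len, 0, (size_t)(num - xref->len) * sizeof *grown);
    xref->table = grown;
    xref->len = num;
    return 0;
}

/* Load one subsection covering objects start .. start+len-1.
 * Returns 0 on success, -1 if the header is rejected or memory runs out. */
int load_subsection(xref_table *xref, int start, int len, const xref_entry *entries)
{
    if (!subsection_in_range(start, len))
        return -1;
    if (ensure_solid_xref_checked(xref, start + len) != 0)
        return -1;
    for (int i = 0; i < len; i++)
        xref->table[start + i] = entries[i]; /* index is now known to be in bounds */
    return 0;
}

void free_xref(xref_table *xref)
{
    free(xref->table);
    xref->table = NULL;
    xref->len = 0;
}

int main(void)
{
    /* Constructed sample: an ordinary subsection "0 3" with three entries. */
    xref_entry sample[3] = { {'f', 0}, {'n', 15}, {'n', 120} };
    xref_table xref = { NULL, 0 };
    int ok = load_subsection(&xref, 0, 3, sample);
    /* A header such as "2147483640 100" must be refused before any resize. */
    int refused = load_subsection(&xref, INT_MAX - 7, 100, sample);
    free_xref(&xref);
    return (ok == 0 && refused == -1) ? 0 : 1;
}
```

The generic check here bounds both the arithmetic (no signed overflow of start + len) and the domain (no object number above the spec limit); the upstream fix referenced below is the authoritative change for MuPDF itself and may be structured differently.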

Impact

An attacker is able to execute arbitrary code on the affected host by tricking the user into opening or processing a maliciously crafted PDF document.

References

https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=55c3f68d638ac1263a386e0aaa004bb6e8bde731
https://bugs.ghostscript.com/show_bug.cgi?id=698819
https://github.com/mzet-/Security-Advisories/blob/master/mzet-adv-2017-01.md
https://security.archlinux.org/CVE-2017-17858