ID: CVE-2017-14685
Type: cve
Reporter: cve@mitre.org
Modified: 2017-11-05T01:29:00
Description
Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xps_load_links_in_glyphs in xps/xps-link.c does not verify that an xps font could be loaded.
{"id": "CVE-2017-14685", "bulletinFamily": "NVD", "title": "CVE-2017-14685", "description": "Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to \"Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61\" on Windows. This occurs because xps_load_links_in_glyphs in xps/xps-link.c does not verify that an xps font could be loaded.", "published": "2017-09-22T06:29:00", "modified": "2017-11-05T01:29:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14685", "reporter": "cve@mitre.org", "references": ["http://www.debian.org/security/2017/dsa-4006", "http://git.ghostscript.com/?p=mupdf.git;h=ab1a420613dec93c686acbee2c165274e922f82a", "https://bugs.ghostscript.com/show_bug.cgi?id=698539", "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14685"], "cvelist": ["CVE-2017-14685"], "type": "cve", "lastseen": "2020-10-03T13:07:36", "edition": 3, "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "archlinux", "idList": ["ASA-201711-4", "ASA-201711-5", "ASA-201711-3", "ASA-201711-1", "ASA-201711-2"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4006-1:C4D54"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310873845", "OPENVAS:1361412562310704006", "OPENVAS:1361412562310873821", "OPENVAS:1361412562310873897"]}, {"type": "nessus", "idList": ["FEDORA_2017-A1AD512B22.NASL", "DEBIAN_DSA-4006.NASL", "FEDORA_2017-267F37C544.NASL", "FEDORA_2017-9AE6E39BDE.NASL"]}, {"type": "fedora", "idList": ["FEDORA:C25DB604D4B4", "FEDORA:2DB4B601B296", "FEDORA:8E28260419B1"]}], "modified": "2020-10-03T13:07:36", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2020-10-03T13:07:36", "rev": 2}, "vulnersScore": 6.0}, "cpe": ["cpe:/a:artifex:mupdf:1.11"], "affectedSoftware": [{"cpeName": "artifex:mupdf", "name": "artifex mupdf", "operator": 
"eq", "version": "1.11"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cpe23": ["cpe:2.3:a:artifex:mupdf:1.11:*:*:*:*:*:*:*"], "cwe": ["CWE-119"], "scheme": null, "affectedConfiguration": [{"cpeName": "microsoft:windows", "name": "microsoft windows", "operator": "eq", "version": "*"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:artifex:mupdf:1.11:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}]}}
{"openvas": [{"lastseen": "2019-05-29T18:34:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14687", "CVE-2017-14685", "CVE-2017-15587", "CVE-2017-14686"], "description": "Multiple vulnerabilities have been found in MuPDF, a PDF file viewer, which\nmay result in denial of service or the execution of arbitrary code.\n\nCVE-2017-14685,\nCVE-2017-14686,\nand CVE-2017-14687\nWangLin discovered that a crafted .xps file can crash MuPDF and\npotentially execute arbitrary code in several ways, since the\napplication makes unchecked assumptions on the entry format.\n\nCVE-2017-15587\nTerry Chia and Jeremy Heng discovered an integer overflow that can\ncause arbitrary code execution via a crafted .pdf file.", "modified": "2019-03-18T00:00:00", "published": "2017-10-24T00:00:00", "id": "OPENVAS:1361412562310704006", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704006", "type": "openvas", "title": "Debian Security Advisory DSA 4006-1 (mupdf - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_4006.nasl 14284 2019-03-18 15:02:15Z cfischer $\n#\n# Auto-generated from advisory DSA 4006-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704006\");\n script_version(\"$Revision: 14284 $\");\n script_cve_id(\"CVE-2017-14685\", \"CVE-2017-14686\", \"CVE-2017-14687\", \"CVE-2017-15587\");\n script_name(\"Debian Security Advisory DSA 4006-1 (mupdf - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 16:02:15 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-24 00:00:00 +0200 (Tue, 24 Oct 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-4006.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"mupdf on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 1.9a+ds1-4+deb9u1.\n\nWe recommend that you upgrade your mupdf packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been found in MuPDF, a PDF file viewer, which\nmay result in denial of service or the execution of arbitrary 
code.\n\nCVE-2017-14685,\nCVE-2017-14686,\nand CVE-2017-14687\nWangLin discovered that a crafted .xps file can crash MuPDF and\npotentially execute arbitrary code in several ways, since the\napplication makes unchecked assumptions on the entry format.\n\nCVE-2017-15587\nTerry Chia and Jeremy Heng discovered an integer overflow that can\ncause arbitrary code execution via a crafted .pdf file.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libmupdf-dev\", ver:\"1.9a+ds1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mupdf\", ver:\"1.9a+ds1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mupdf-tools\", ver:\"1.9a+ds1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14687", "CVE-2017-14685", "CVE-2017-15587", "CVE-2017-9216", "CVE-2017-15369", "CVE-2017-14686"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-12-04T00:00:00", "id": "OPENVAS:1361412562310873821", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873821", "type": "openvas", "title": "Fedora Update for mupdf FEDORA-2017-a1ad512b22", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_a1ad512b22_mupdf_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mupdf FEDORA-2017-a1ad512b22\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 
Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873821\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-12-04 18:48:09 +0530 (Mon, 04 Dec 2017)\");\n script_cve_id(\"CVE-2017-15369\", \"CVE-2017-15587\", \"CVE-2017-9216\", \"CVE-2017-14685\",\n \"CVE-2017-14686\", \"CVE-2017-14687\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mupdf FEDORA-2017-a1ad512b22\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mupdf'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mupdf on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-a1ad512b22\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WBQ5CBE7PBBU6IBUW6UWNIJJDD6OJ2L\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"mupdf\", rpm:\"mupdf~1.11~9.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14687", "CVE-2017-14685", "CVE-2017-15587", "CVE-2017-9216", "CVE-2017-15369", "CVE-2017-14686"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-12-11T00:00:00", "id": "OPENVAS:1361412562310873897", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873897", "type": "openvas", "title": "Fedora Update for mupdf FEDORA-2017-9ae6e39bde", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_9ae6e39bde_mupdf_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mupdf FEDORA-2017-9ae6e39bde\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or 
any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873897\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-12-11 08:04:47 +0100 (Mon, 11 Dec 2017)\");\n script_cve_id(\"CVE-2017-15369\", \"CVE-2017-15587\", \"CVE-2017-9216\", \"CVE-2017-14685\",\n \"CVE-2017-14686\", \"CVE-2017-14687\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mupdf FEDORA-2017-9ae6e39bde\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mupdf'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mupdf on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-9ae6e39bde\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P5HUMQDKNC7MAYB5VDA6XA5BVYTZFZQY\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"mupdf\", rpm:\"mupdf~1.11~9.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14687", "CVE-2017-14685", "CVE-2017-15587", "CVE-2017-9216", "CVE-2017-15369", "CVE-2017-14686"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-12-04T00:00:00", "id": "OPENVAS:1361412562310873845", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873845", "type": "openvas", "title": "Fedora Update for mupdf FEDORA-2017-267f37c544", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_267f37c544_mupdf_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mupdf FEDORA-2017-267f37c544\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty 
of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873845\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-12-04 18:48:28 +0530 (Mon, 04 Dec 2017)\");\n script_cve_id(\"CVE-2017-15369\", \"CVE-2017-15587\", \"CVE-2017-9216\", \"CVE-2017-14685\",\n \"CVE-2017-14686\", \"CVE-2017-14687\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mupdf FEDORA-2017-267f37c544\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mupdf'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mupdf on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-267f37c544\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQRFAXR4UENWY7BRI3YVC22A3YRABTNP\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"mupdf\", rpm:\"mupdf~1.11~9.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:42", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14685", "CVE-2017-14686", "CVE-2017-14687", "CVE-2017-15587"], "description": "Arch Linux Security Advisory ASA-201711-2\n=========================================\n\nSeverity: High\nDate : 2017-11-01\nCVE-ID : CVE-2017-14685 CVE-2017-14686 CVE-2017-14687 CVE-2017-15587\nPackage : libmupdf\nType : arbitrary code execution\nRemote : No\nLink : https://security.archlinux.org/AVG-458\n\nSummary\n=======\n\nThe package libmupdf before version 1.11-5 is vulnerable to arbitrary\ncode execution.\n\nResolution\n==========\n\nUpgrade to 1.11-5.\n\n# pacman -Syu \"libmupdf>=1.11-5\"\n\nThe problems have been fixed upstream but no release is available yet.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2017-14685 (arbitrary code execution)\n\nArtifex MuPDF 1.11 allows attackers to cause a denial of service or\npossibly have unspecified other impact via a crafted .xps file. This\noccurs because xps_load_links_in_glyphs in xps/xps-link.c does not\nverify that an xps font could be loaded.\n\n- CVE-2017-14686 (arbitrary code execution)\n\nArtifex MuPDF 1.11 allows attackers to execute arbitrary code or cause\na denial of service via a crafted .xps file. 
This occurs because\nread_zip_dir_imp in fitz/unzip.c does not check whether size fields in\na ZIP entry are negative numbers.\n\n- CVE-2017-14687 (arbitrary code execution)\n\nArtifex MuPDF 1.11 allows attackers to cause a denial of service or\npossibly have unspecified other impact via a crafted .xps file. This\noccurs because of mishandling of XML tag name comparisons.\n\n- CVE-2017-15587 (arbitrary code execution)\n\nAn integer overflow leading to an out-of-bounds wrte has been found in\nmupdf <= 1.11. The parsing of a crafted PDF might allow an attacker to\nwrite controlled data to an arbitrary location in memory when\nperforming truncated xref checks.\n\nImpact\n======\n\nAn attacker is able to execute arbitrary code on the affected host by\nproviding a maliciously-crafted .xps or .pdf file.\n\nReferences\n==========\n\nhttp://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=ab1a420613dec93c686acbee2c165274e922f82a\nhttps://bugs.ghostscript.com/show_bug.cgi?id=698539\nhttp://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1\nhttps://bugs.ghostscript.com/show_bug.cgi?id=698540\nhttp://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28\nhttps://bugs.ghostscript.com/show_bug.cgi?id=698558\nhttps://nandynarwhals.org/CVE-2017-15587/\nhttp://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8\nhttps://security.archlinux.org/CVE-2017-14685\nhttps://security.archlinux.org/CVE-2017-14686\nhttps://security.archlinux.org/CVE-2017-14687\nhttps://security.archlinux.org/CVE-2017-15587", "modified": "2017-11-01T00:00:00", "published": "2017-11-01T00:00:00", "id": "ASA-201711-2", "href": "https://security.archlinux.org/ASA-201711-2", "type": "archlinux", "title": "[ASA-201711-2] libmupdf: arbitrary code execution", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-22T18:36:42", "bulletinFamily": "unix", "cvelist": 
["CVE-2017-14685", "CVE-2017-14686", "CVE-2017-14687", "CVE-2017-15587"], "description": "Arch Linux Security Advisory ASA-201711-4\n=========================================\n\nSeverity: High\nDate : 2017-11-01\nCVE-ID : CVE-2017-14685 CVE-2017-14686 CVE-2017-14687 CVE-2017-15587\nPackage : mupdf\nType : arbitrary code execution\nRemote : No\nLink : https://security.archlinux.org/AVG-458\n\nSummary\n=======\n\nThe package mupdf before version 1.11-5 is vulnerable to arbitrary code\nexecution.\n\nResolution\n==========\n\nUpgrade to 1.11-5.\n\n# pacman -Syu \"mupdf>=1.11-5\"\n\nThe problems have been fixed upstream but no release is available yet.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2017-14685 (arbitrary code execution)\n\nArtifex MuPDF 1.11 allows attackers to cause a denial of service or\npossibly have unspecified other impact via a crafted .xps file. This\noccurs because xps_load_links_in_glyphs in xps/xps-link.c does not\nverify that an xps font could be loaded.\n\n- CVE-2017-14686 (arbitrary code execution)\n\nArtifex MuPDF 1.11 allows attackers to execute arbitrary code or cause\na denial of service via a crafted .xps file. This occurs because\nread_zip_dir_imp in fitz/unzip.c does not check whether size fields in\na ZIP entry are negative numbers.\n\n- CVE-2017-14687 (arbitrary code execution)\n\nArtifex MuPDF 1.11 allows attackers to cause a denial of service or\npossibly have unspecified other impact via a crafted .xps file. This\noccurs because of mishandling of XML tag name comparisons.\n\n- CVE-2017-15587 (arbitrary code execution)\n\nAn integer overflow leading to an out-of-bounds wrte has been found in\nmupdf <= 1.11. 
The parsing of a crafted PDF might allow an attacker to\nwrite controlled data to an arbitrary location in memory when\nperforming truncated xref checks.\n\nImpact\n======\n\nAn attacker is able to execute arbitrary code on the affected host by\nproviding a maliciously-crafted .xps or .pdf file.\n\nReferences\n==========\n\nhttp://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=ab1a420613dec93c686acbee2c165274e922f82a\nhttps://bugs.ghostscript.com/show_bug.cgi?id=698539\nhttp://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1\nhttps://bugs.ghostscript.com/show_bug.cgi?id=698540\nhttp://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28\nhttps://bugs.ghostscript.com/show_bug.cgi?id=698558\nhttps://nandynarwhals.org/CVE-2017-15587/\nhttp://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8\nhttps://security.archlinux.org/CVE-2017-14685\nhttps://security.archlinux.org/CVE-2017-14686\nhttps://security.archlinux.org/CVE-2017-14687\nhttps://security.archlinux.org/CVE-2017-15587", "modified": "2017-11-01T00:00:00", "published": "2017-11-01T00:00:00", "id": "ASA-201711-4", "href": "https://security.archlinux.org/ASA-201711-4", "type": "archlinux", "title": "[ASA-201711-4] mupdf: arbitrary code execution", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-22T18:36:42", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14685", "CVE-2017-14686", "CVE-2017-14687", "CVE-2017-15587"], "description": "Arch Linux Security Advisory ASA-201711-1\n=========================================\n\nSeverity: High\nDate : 2017-11-01\nCVE-ID : CVE-2017-14685 CVE-2017-14686 CVE-2017-14687 CVE-2017-15587\nPackage : mupdf-gl\nType : arbitrary code execution\nRemote : No\nLink : https://security.archlinux.org/AVG-458\n\nSummary\n=======\n\nThe package mupdf-gl before version 1.11-5 is vulnerable to arbitrary\ncode 
execution.\n\nResolution\n==========\n\nUpgrade to 1.11-5.\n\n# pacman -Syu \"mupdf-gl>=1.11-5\"\n\nThe problems have been fixed upstream but no release is available yet.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2017-14685 (arbitrary code execution)\n\nArtifex MuPDF 1.11 allows attackers to cause a denial of service or\npossibly have unspecified other impact via a crafted .xps file. This\noccurs because xps_load_links_in_glyphs in xps/xps-link.c does not\nverify that an xps font could be loaded.\n\n- CVE-2017-14686 (arbitrary code execution)\n\nArtifex MuPDF 1.11 allows attackers to execute arbitrary code or cause\na denial of service via a crafted .xps file. This occurs because\nread_zip_dir_imp in fitz/unzip.c does not check whether size fields in\na ZIP entry are negative numbers.\n\n- CVE-2017-14687 (arbitrary code execution)\n\nArtifex MuPDF 1.11 allows attackers to cause a denial of service or\npossibly have unspecified other impact via a crafted .xps file. This\noccurs because of mishandling of XML tag name comparisons.\n\n- CVE-2017-15587 (arbitrary code execution)\n\nAn integer overflow leading to an out-of-bounds wrte has been found in\nmupdf <= 1.11. 
The parsing of a crafted PDF might allow an attacker to\nwrite controlled data to an arbitrary location in memory when\nperforming truncated xref checks.\n\nImpact\n======\n\nAn attacker is able to execute arbitrary code on the affected host by\nproviding a maliciously-crafted .xps or .pdf file.\n\nReferences\n==========\n\nhttp://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=ab1a420613dec93c686acbee2c165274e922f82a\nhttps://bugs.ghostscript.com/show_bug.cgi?id=698539\nhttp://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1\nhttps://bugs.ghostscript.com/show_bug.cgi?id=698540\nhttp://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28\nhttps://bugs.ghostscript.com/show_bug.cgi?id=698558\nhttps://nandynarwhals.org/CVE-2017-15587/\nhttp://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8\nhttps://security.archlinux.org/CVE-2017-14685\nhttps://security.archlinux.org/CVE-2017-14686\nhttps://security.archlinux.org/CVE-2017-14687\nhttps://security.archlinux.org/CVE-2017-15587", "modified": "2017-11-01T00:00:00", "published": "2017-11-01T00:00:00", "id": "ASA-201711-1", "href": "https://security.archlinux.org/ASA-201711-1", "type": "archlinux", "title": "[ASA-201711-1] mupdf-gl: arbitrary code execution", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-22T18:36:42", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14685", "CVE-2017-14686", "CVE-2017-14687", "CVE-2017-15587"], "description": "Arch Linux Security Advisory ASA-201711-3\n=========================================\n\nSeverity: High\nDate : 2017-11-01\nCVE-ID : CVE-2017-14685 CVE-2017-14686 CVE-2017-14687 CVE-2017-15587\nPackage : mupdf-tools\nType : arbitrary code execution\nRemote : No\nLink : https://security.archlinux.org/AVG-458\n\nSummary\n=======\n\nThe package mupdf-tools before version 1.11-5 is vulnerable to\narbitrary code 
execution.\n\nResolution\n==========\n\nUpgrade to 1.11-5.\n\n# pacman -Syu \"mupdf-tools>=1.11-5\"\n\nThe problems have been fixed upstream but no release is available yet.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2017-14685 (arbitrary code execution)\n\nArtifex MuPDF 1.11 allows attackers to cause a denial of service or\npossibly have unspecified other impact via a crafted .xps file. This\noccurs because xps_load_links_in_glyphs in xps/xps-link.c does not\nverify that an xps font could be loaded.\n\n- CVE-2017-14686 (arbitrary code execution)\n\nArtifex MuPDF 1.11 allows attackers to execute arbitrary code or cause\na denial of service via a crafted .xps file. This occurs because\nread_zip_dir_imp in fitz/unzip.c does not check whether size fields in\na ZIP entry are negative numbers.\n\n- CVE-2017-14687 (arbitrary code execution)\n\nArtifex MuPDF 1.11 allows attackers to cause a denial of service or\npossibly have unspecified other impact via a crafted .xps file. This\noccurs because of mishandling of XML tag name comparisons.\n\n- CVE-2017-15587 (arbitrary code execution)\n\nAn integer overflow leading to an out-of-bounds wrte has been found in\nmupdf <= 1.11. 
The parsing of a crafted PDF might allow an attacker to\nwrite controlled data to an arbitrary location in memory when\nperforming truncated xref checks.\n\nImpact\n======\n\nAn attacker is able to execute arbitrary code on the affected host by\nproviding a maliciously-crafted .xps or .pdf file.\n\nReferences\n==========\n\nhttp://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=ab1a420613dec93c686acbee2c165274e922f82a\nhttps://bugs.ghostscript.com/show_bug.cgi?id=698539\nhttp://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1\nhttps://bugs.ghostscript.com/show_bug.cgi?id=698540\nhttp://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28\nhttps://bugs.ghostscript.com/show_bug.cgi?id=698558\nhttps://nandynarwhals.org/CVE-2017-15587/\nhttp://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8\nhttps://security.archlinux.org/CVE-2017-14685\nhttps://security.archlinux.org/CVE-2017-14686\nhttps://security.archlinux.org/CVE-2017-14687\nhttps://security.archlinux.org/CVE-2017-15587", "modified": "2017-11-01T00:00:00", "published": "2017-11-01T00:00:00", "id": "ASA-201711-3", "href": "https://security.archlinux.org/ASA-201711-3", "type": "archlinux", "title": "[ASA-201711-3] mupdf-tools: arbitrary code execution", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-22T18:36:42", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14685", "CVE-2017-14686", "CVE-2017-14687", "CVE-2017-15587"], "description": "Arch Linux Security Advisory ASA-201711-5\n=========================================\n\nSeverity: High\nDate : 2017-11-01\nCVE-ID : CVE-2017-14685 CVE-2017-14686 CVE-2017-14687 CVE-2017-15587\nPackage : zathura-pdf-mupdf\nType : arbitrary code execution\nRemote : No\nLink : https://security.archlinux.org/AVG-476\n\nSummary\n=======\n\nThe package zathura-pdf-mupdf before version 0.3.1-4 is vulnerable to\narbitrary code 
execution.\n\nResolution\n==========\n\nUpgrade to 0.3.1-4.\n\n# pacman -Syu \"zathura-pdf-mupdf>=0.3.1-4\"\n\nThe problems have been fixed upstream but no release is available yet.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2017-14685 (arbitrary code execution)\n\nArtifex MuPDF 1.11 allows attackers to cause a denial of service or\npossibly have unspecified other impact via a crafted .xps file. This\noccurs because xps_load_links_in_glyphs in xps/xps-link.c does not\nverify that an xps font could be loaded.\n\n- CVE-2017-14686 (arbitrary code execution)\n\nArtifex MuPDF 1.11 allows attackers to execute arbitrary code or cause\na denial of service via a crafted .xps file. This occurs because\nread_zip_dir_imp in fitz/unzip.c does not check whether size fields in\na ZIP entry are negative numbers.\n\n- CVE-2017-14687 (arbitrary code execution)\n\nArtifex MuPDF 1.11 allows attackers to cause a denial of service or\npossibly have unspecified other impact via a crafted .xps file. This\noccurs because of mishandling of XML tag name comparisons.\n\n- CVE-2017-15587 (arbitrary code execution)\n\nAn integer overflow leading to an out-of-bounds write has been found in\nmupdf <= 1.11. 
The parsing of a crafted PDF might allow an attacker to\nwrite controlled data to an arbitrary location in memory when\nperforming truncated xref checks.\n\nImpact\n======\n\nAn attacker is able to execute arbitrary code on the affected host by\nproviding a maliciously-crafted .xps or .pdf file to the zathura\nprocess.\n\nReferences\n==========\n\nhttp://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=ab1a420613dec93c686acbee2c165274e922f82a\nhttps://bugs.ghostscript.com/show_bug.cgi?id=698539\nhttp://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1\nhttps://bugs.ghostscript.com/show_bug.cgi?id=698540\nhttp://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28\nhttps://bugs.ghostscript.com/show_bug.cgi?id=698558\nhttps://nandynarwhals.org/CVE-2017-15587/\nhttp://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8\nhttps://security.archlinux.org/CVE-2017-14685\nhttps://security.archlinux.org/CVE-2017-14686\nhttps://security.archlinux.org/CVE-2017-14687\nhttps://security.archlinux.org/CVE-2017-15587", "modified": "2017-11-01T00:00:00", "published": "2017-11-01T00:00:00", "id": "ASA-201711-5", "href": "https://security.archlinux.org/ASA-201711-5", "type": "archlinux", "title": "[ASA-201711-5] zathura-pdf-mupdf: arbitrary code execution", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-08-12T00:58:22", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14687", "CVE-2017-14685", "CVE-2017-15587", "CVE-2017-14686"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4006-1 security@debian.org\nhttps://www.debian.org/security/ \nOctober 24, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mupdf\nCVE ID : CVE-2017-14685 CVE-2017-14686 CVE-2017-14687 
CVE-2017-15587\nDebian Bug : 877379 879055\n\nMultiple vulnerabilities have been found in MuPDF, a PDF file viewer, which\nmay result in denial of service or the execution of arbitrary code.\n\nCVE-2017-14685, CVE-2017-14686, and CVE-2017-14687\n\n WangLin discovered that a crafted .xps file can crash MuPDF and\n potentially execute arbitrary code in several ways, since the\n application makes unchecked assumptions on the entry format.\n\nCVE-2017-15587\n\n Terry Chia and Jeremy Heng discovered an integer overflow that can\n cause arbitrary code execution via a crafted .pdf file.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.9a+ds1-4+deb9u1.\n\nWe recommend that you upgrade your mupdf packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2017-10-24T15:41:27", "published": "2017-10-24T15:41:27", "id": "DEBIAN:DSA-4006-1:C4D54", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00268.html", "title": "[SECURITY] [DSA 4006-1] mupdf security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-06T09:50:55", "description": "Multiple vulnerabilities have been found in MuPDF, a PDF file viewer,\nwhich may result in denial of service or the execution of arbitrary\ncode.\n\n - CVE-2017-14685, CVE-2017-14686, and CVE-2017-14687\n WangLin discovered that a crafted .xps file can crash\n MuPDF and potentially execute arbitrary code in several\n ways, since the application makes unchecked assumptions\n on the entry format.\n\n - CVE-2017-15587\n Terry Chia and Jeremy Heng discovered an integer\n overflow that can cause arbitrary code execution via a\n crafted .pdf file.", "edition": 25, "cvss3": 
{"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-10-25T00:00:00", "title": "Debian DSA-4006-1 : mupdf - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14687", "CVE-2017-14685", "CVE-2017-15587", "CVE-2017-14686"], "modified": "2017-10-25T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:mupdf", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4006.NASL", "href": "https://www.tenable.com/plugins/nessus/104134", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4006. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104134);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-14685\", \"CVE-2017-14686\", \"CVE-2017-14687\", \"CVE-2017-15587\");\n script_xref(name:\"DSA\", value:\"4006\");\n\n script_name(english:\"Debian DSA-4006-1 : mupdf - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been found in MuPDF, a PDF file viewer,\nwhich may result in denial of service or the execution of arbitrary\ncode.\n\n - CVE-2017-14685, CVE-2017-14686, and CVE-2017-14687\n WangLin discovered that a crafted .xps file can crash\n MuPDF and potentially execute arbitrary code in several\n ways, since the application makes unchecked assumptions\n on the entry format.\n\n - CVE-2017-15587\n Terry Chia and Jeremy Heng discovered an integer\n overflow that can cause arbitrary code 
execution via a\n crafted .pdf file.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879055\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-14685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-14686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-14687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-15587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/mupdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-4006\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mupdf packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 1.9a+ds1-4+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mupdf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libmupdf-dev\", reference:\"1.9a+ds1-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"mupdf\", reference:\"1.9a+ds1-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"mupdf-tools\", reference:\"1.9a+ds1-4+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:12:38", "description": "CVE-2017-15369 CVE-2017-15587 CVE-2017-9216 CVE-2017-14685\nCVE-2017-14686 CVE-2017-14687\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-01-15T00:00:00", "title": "Fedora 27 : mupdf (2017-a1ad512b22)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14687", "CVE-2017-14685", "CVE-2017-15587", "CVE-2017-9216", "CVE-2017-15369", "CVE-2017-14686"], "modified": "2018-01-15T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:27", "p-cpe:/a:fedoraproject:fedora:mupdf"], "id": 
"FEDORA_2017-A1AD512B22.NASL", "href": "https://www.tenable.com/plugins/nessus/105942", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-a1ad512b22.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105942);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-14685\", \"CVE-2017-14686\", \"CVE-2017-14687\", \"CVE-2017-15369\", \"CVE-2017-15587\", \"CVE-2017-9216\");\n script_xref(name:\"FEDORA\", value:\"2017-a1ad512b22\");\n\n script_name(english:\"Fedora 27 : mupdf (2017-a1ad512b22)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2017-15369 CVE-2017-15587 CVE-2017-9216 CVE-2017-14685\nCVE-2017-14686 CVE-2017-14687\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-a1ad512b22\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected mupdf package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mupdf\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"mupdf-1.11-9.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mupdf\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:12:20", "description": "CVE-2017-15369 CVE-2017-15587 CVE-2017-9216 CVE-2017-14685\nCVE-2017-14686 CVE-2017-14687\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-12-11T00:00:00", "title": "Fedora 25 : mupdf (2017-9ae6e39bde)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14687", "CVE-2017-14685", "CVE-2017-15587", "CVE-2017-9216", "CVE-2017-15369", "CVE-2017-14686"], "modified": "2017-12-11T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:25", "p-cpe:/a:fedoraproject:fedora:mupdf"], "id": "FEDORA_2017-9AE6E39BDE.NASL", "href": "https://www.tenable.com/plugins/nessus/105132", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 
FEDORA-2017-9ae6e39bde.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105132);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-14685\", \"CVE-2017-14686\", \"CVE-2017-14687\", \"CVE-2017-15369\", \"CVE-2017-15587\", \"CVE-2017-9216\");\n script_xref(name:\"FEDORA\", value:\"2017-9ae6e39bde\");\n\n script_name(english:\"Fedora 25 : mupdf (2017-9ae6e39bde)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2017-15369 CVE-2017-15587 CVE-2017-9216 CVE-2017-14685\nCVE-2017-14686 CVE-2017-14687\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-9ae6e39bde\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected mupdf package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mupdf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2017/12/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"mupdf-1.11-9.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mupdf\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:15:34", "description": "CVE-2017-15369 CVE-2017-15587 CVE-2017-9216 CVE-2017-14685\nCVE-2017-14686 CVE-2017-14687\n\nNote that Tenable Network Security has 
extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-12-04T00:00:00", "title": "Fedora 26 : mupdf (2017-267f37c544)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14687", "CVE-2017-14685", "CVE-2017-15587", "CVE-2017-9216", "CVE-2017-15369", "CVE-2017-14686"], "modified": "2017-12-04T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mupdf", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-267F37C544.NASL", "href": "https://www.tenable.com/plugins/nessus/104976", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-267f37c544.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104976);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-14685\", \"CVE-2017-14686\", \"CVE-2017-14687\", \"CVE-2017-15369\", \"CVE-2017-15587\", \"CVE-2017-9216\");\n script_xref(name:\"FEDORA\", value:\"2017-267f37c544\");\n\n script_name(english:\"Fedora 26 : mupdf (2017-267f37c544)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2017-15369 CVE-2017-15587 CVE-2017-9216 CVE-2017-14685\nCVE-2017-14686 CVE-2017-14687\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean 
and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-267f37c544\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected mupdf package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mupdf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"mupdf-1.11-9.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mupdf\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14685", "CVE-2017-14686", "CVE-2017-14687", "CVE-2017-15369", "CVE-2017-15587", "CVE-2017-9216"], "description": "MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on screen. MuPDF has a small footprint. A binary that includes the standard Roman fonts is only one megabyte. A build with full CJK support (including an Asian font) is approximately five megabytes. MuPDF has support for all non-interactive PDF 1.7 features, and the toolkit provides a simple API for accessing the internal structures of the PDF document. Example code for navigating interactive links and bookmarks, encrypting PDF files, extracting fonts, images, and searchable text, and rendering pages to image files is provided. 
", "modified": "2017-12-10T21:03:40", "published": "2017-12-10T21:03:40", "id": "FEDORA:8E28260419B1", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: mupdf-1.11-9.fc25", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14685", "CVE-2017-14686", "CVE-2017-14687", "CVE-2017-15369", "CVE-2017-15587", "CVE-2017-9216"], "description": "MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on screen. MuPDF has a small footprint. A binary that includes the standard Roman fonts is only one megabyte. A build with full CJK support (including an Asian font) is approximately five megabytes. MuPDF has support for all non-interactive PDF 1.7 features, and the toolkit provides a simple API for accessing the internal structures of the PDF document. Example code for navigating interactive links and bookmarks, encrypting PDF files, extracting fonts, images, and searchable text, and rendering pages to image files is provided. ", "modified": "2017-11-29T00:02:58", "published": "2017-11-29T00:02:58", "id": "FEDORA:2DB4B601B296", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: mupdf-1.11-9.fc27", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14685", "CVE-2017-14686", "CVE-2017-14687", "CVE-2017-15369", "CVE-2017-15587", "CVE-2017-9216"], "description": "MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. 
MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on screen. MuPDF has a small footprint. A binary that includes the standard Roman fonts is only one megabyte. A build with full CJK support (including an Asian font) is approximately five megabytes. MuPDF has support for all non-interactive PDF 1.7 features, and the toolkit provides a simple API for accessing the internal structures of the PDF document. Example code for navigating interactive links and bookmarks, encrypting PDF files, extracting fonts, images, and searchable text, and rendering pages to image files is provided. ", "modified": "2017-12-02T21:23:32", "published": "2017-12-02T21:23:32", "id": "FEDORA:C25DB604D4B4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: mupdf-1.11-9.fc26", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}