In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | mupdf | < 1.14.0+ds1-4 | mupdf_1.14.0+ds1-4_all.deb |
Debian | 11 | all | mupdf | < 1.14.0+ds1-4 | mupdf_1.14.0+ds1-4_all.deb |
Debian | 10 | all | mupdf | < 1.14.0+ds1-4 | mupdf_1.14.0+ds1-4_all.deb |
Debian | 999 | all | mupdf | < 1.14.0+ds1-4 | mupdf_1.14.0+ds1-4_all.deb |
Debian | 13 | all | mupdf | < 1.14.0+ds1-4 | mupdf_1.14.0+ds1-4_all.deb |