openSUSE Security Update : mupdf (openSUSE-2017-1300)

This update for mupdf fixes the following issues : Security issues fixed : - CVE-2017-7976: integer overflow jbig2imagecompose function in jbig2image.c during operations on a crafted .jb2 file boo1052029. - CVE-2016-10221: countentries in pdf-layer.c allows for DoS boo1032140. - CVE-2016-8728: Fi...

[ASA-201711-28] jbig2dec: denial of service

Arch Linux Security Advisory ASA-201711-28 ========================================== Severity: Medium Date : 2017-11-22 CVE-ID : CVE-2017-9216 Package : jbig2dec Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-517 Summary ======= The package jbig2dec before versio...

Integer Overflow

MuPDF is vulnerable to integer overflows. An attacker can pass a malicious pdf file to the pdfreadnewxrefsection function in pdf/pdf-xref.c, causing an integer overflow in the application that can lead to arbitrary writes and the application crashing...

Denial Of Service (DoS)

MuPDF is vulnerable to denial of service DoS attacks. The attack can be launched if a malicious file is passed to the fzsubsamplepixmap function in fitz/pixmap.c, causing an out-of-bound read and application crash...

Denial Of Service (DoS)

MuPDF is vulnerable to denial of service DoS attacks and possibly other attacks. These attacks are possible due to a use-after-free vulnerability in the fzsubsamplepixmap function causing the application to crash...

Denial Of Service (DoS)

MuPDF is vulnerable to denial of service DoS attacks. The attack can be launched if a malicious file is passed to the mygetline function in jstestmain.c, causing out-of-bounds write...

Denial Of Service (DoS)

MuPDF is vulnerable to denial of service DoS attacks. Using a PDF document, attackers can use the countentries function to consume the stack and crash the application...

Denial Of Service (DoS)

MuPDF is vulnerable to denial of service DoS attacks and possibly other attacks. This vulnerability is possible because the xpsloadlinksinglyphs function doesn't verify if a font can be loaded before trying to load it. This can be triggered using a .xps file...

Denial Of Service (DoS)

MuPDF is vulnerable to denial of service DoS attacks and possibly other attacks. These attacks can be performed because the readzipdirimp function does not check if the size fields in a ZIP entry are negative. It can be triggered using a .xps file...

Denial Of Service (DoS)

MuPDF is vulnerable to denial of service DoS attacks and possibly other attacks. The vulnerability is related to the mishandling of XML tag name comparisons...

[SECURITY] [DSA 4006-2] mupdf security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4006-2 [email protected] https://www.debian.org/security/ November 10, 2017 https://www.debian.org/security/faq - -------------------------------------------------------------------------...

[SECURITY] [DSA 4006-2] mupdf security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4006-2 [email protected] https://www.debian.org/security/ November 10, 2017 https://www.debian.org/security/faq - -------------------------------------------------------------------------...

DSA-4006-2 mupdf - security update

Bulletin has no description...

Debian DLA-1164-1 : mupdf security update

Two security issues were discovered in mupdf, a lightweight PDF viewer. CVE-2017-14687 MuPDF allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file. This occurs because of mishandling of XML tag name comparisons. CVE-2017-15587 An integer...

[SECURITY] [DLA 1164-1] mupdf security update

Package : mupdf Version : 0.9-2+deb7u4 CVE ID : CVE-2017-14687 CVE-2017-15587 Debian Bug : 877379 879055 Two security issues were discovered in mupdf, a lightweight PDF viewer. CVE-2017-14687 MuPDF allows attackers to cause a denial of service or possibly have unspecified other impact via a craft...

DLA-1164-1 mupdf - security update

Bulletin has no description...

[ASA-201711-4] mupdf: arbitrary code execution

Arch Linux Security Advisory ASA-201711-4 ========================================= Severity: High Date : 2017-11-01 CVE-ID : CVE-2017-14685 CVE-2017-14686 CVE-2017-14687 CVE-2017-15587 Package : mupdf Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-458 Summa...

[ASA-201711-3] mupdf-tools: arbitrary code execution

Arch Linux Security Advisory ASA-201711-3 ========================================= Severity: High Date : 2017-11-01 CVE-ID : CVE-2017-14685 CVE-2017-14686 CVE-2017-14687 CVE-2017-15587 Package : mupdf-tools Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-458...

[ASA-201711-1] mupdf-gl: arbitrary code execution

Arch Linux Security Advisory ASA-201711-1 ========================================= Severity: High Date : 2017-11-01 CVE-ID : CVE-2017-14685 CVE-2017-14686 CVE-2017-14687 CVE-2017-15587 Package : mupdf-gl Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-458...

[ASA-201711-5] zathura-pdf-mupdf: arbitrary code execution

Arch Linux Security Advisory ASA-201711-5 ========================================= Severity: High Date : 2017-11-01 CVE-ID : CVE-2017-14685 CVE-2017-14686 CVE-2017-14687 CVE-2017-15587 Package : zathura-pdf-mupdf Type : arbitrary code execution Remote : No Link :...