Artifex MuPDF - Null Pointer Dereference

Artifex MuPDF - Null Pointer Dereference Source: https://bugs.ghostscript.com/showbug.cgi?id=697500 POC to trigger null pointer dereference mutool After some fuzz testing I found a crashing test case. Git HEAD: 8eea208e099614487e4bd7cc0d67d91489dae642 To reproduce: mutool convert -F cbz...

GLSA-201706-08 : MuPDF: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201706-08 MuPDF: Multiple vulnerabilities Multiple vulnerabilities have been discovered in MuPDF. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to process a speciall...

Artifex MuPDF - Null Pointer Dereference

Source: https://bugs.ghostscript.com/showbug.cgi?id=697500 POC to trigger null pointer dereference mutool After some fuzz testing I found a crashing test case. Git HEAD: 8eea208e099614487e4bd7cc0d67d91489dae642 To reproduce: mutool convert -F cbz nullptrfzpaintpixmapwithmask -o /dev/null ASAN:...

MuPDF: Multiple vulnerabilities

Background A lightweight PDF, XPS, and E-book viewer. Description Multiple vulnerabilities have been discovered in MuPDF. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to process a specially crafted PDF document or image using MuPDF,...

Artifex Software MuPDF Security Vulnerability

Artifex Software MuPDF is a free, lightweight PDF reader from Artifex Software, USA. A memory corruption vulnerability exists in Artifex Software MuPDF version 1.9 and 1.10 RC2. An attacker can exploit this vulnerability to execute arbitrary code or cause a denial of service...

Artifex Software MuPDF Buffer Overflow Vulnerability (CNVD-2017-08509)

Artifex Software MuPDF is a free, lightweight PDF reader from Artifex Software, USA. A heap buffer overflow vulnerability exists in Artifex Software MuPDF version 1.10-rc1, which stems from the program failing to adequately perform boundary detection on user-submitted input. An attacker could...

Fedora 25 : mupdf (2017-5135c91b36)

Fix for CVE-2016-8728 CVE-2016-8729 ---- Rebuild with new jbig2dec Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

Fedora Update for mupdf FEDORA-2017-5135c91b36

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 25 Update: mupdf-1.10a-7.fc25

MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...

CVE-2017-9216

libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2huffmanget function in jbig2huffman.c. For example, the jbig2dec utility will crash segmentation fault when parsing an invalid file...

Null pointer dereference

libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2huffmanget function in jbig2huffman.c. For example, the jbig2dec utility will crash segmentation fault when parsing an invalid file...

CVE-2017-9216

libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2huffmanget function in jbig2huffman.c. For example, the jbig2dec utility will crash segmentation fault when parsing an invalid file...

CVE-2017-9216

libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2huffmanget function in jbig2huffman.c. For example, the jbig2dec utility will crash segmentation fault when parsing an invalid file...

UBUNTU-CVE-2017-9216

libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2huffmanget function in jbig2huffman.c. For example, the jbig2dec utility will crash segmentation fault when parsing an invalid file...

CVE-2017-9216

CVE-2017-9216 affects libjbig2dec.a in Artifex jbig2dec 0.13 (as used by MuPDF and Ghostscript). The vulnerability is a NULL pointer dereference in the jbig2_huffman_get function of jbig2_huffman.c, which can cause a crash/segmentation fault when parsing an invalid/.jb2 file. Connected sources co...

CVE-2017-9216

libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2huffmanget function in jbig2huffman.c. For example, the jbig2dec utility will crash segmentation fault when parsing an invalid file...

Memory Corruption And Code Execution

MuPDF is vulnerable to memory corruption and possible code execution through the JBIG2 parser. It is possible for attackers to pass a PDF to a user to cause the application to pass memset a negative number. This flaw causes memory corruption and potentially code execution as well...

Arbitrary Code Execution Vulnerabilities in MuPDF Identified and Patched

Talos is disclosing the presence of two vulnerabilities in the Artifex MuPDF renderer. MuPDF is a lightweight PDF parsing and rendering library featuring high fidelity graphics, high speed, and compact code size which makes it a fairly popular PDF library for embedding in different projects,...

Artifex MuPDf JBIG2 Parser Code Execution Vulnerability

Summary An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send to the...

MuPDF Fitz library font glyph scaling Code Execution Vulnerability

Summary An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause a out of bounds write resulting in heap metadata and sensitive process memory corruption leading to potential code execution. Victi...