[SECURITY] Fedora 30 Update: mupdf-1.15.0-1.fc30

MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...

Fedora 30 : mupdf (2019-befe3bd225)

rebase to 1.15.0 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network Security, Inc...

Fedora Update for mupdf FEDORA-2019-befe3bd225

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

mupdf/pdf_fuzzer: Heap-buffer-overflow in eval_sample_func

Project: git://git.ghostscript.com/mupdf.git Detailed report: https://oss-fuzz.com/testcase?key=5664837016748032 Project: mupdf Fuzzer: libFuzzermupdfpdffuzzer Fuzz target binary: pdffuzzer Job Type: libfuzzerasanmupdf Platform Id: linux Crash Type: Heap-buffer-overflow WRITE 4 Crash Address:...

openSUSE Security Update : mupdf (openSUSE-2019-429)

This update for mupdf fixes the following security issue : - CVE-2018-1000051: Prevent use after free in fzkeepkeystorable that can result in DOS / possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF bsc1080531. %NASLMINLEVEL 70300 C Tenable...

mupdf/pdf_fuzzer: Use-of-uninitialized-value in fz_mask_color_key

Project: git://git.ghostscript.com/mupdf.git Detailed report: https://oss-fuzz.com/testcase?key=5741749579808768 Project: mupdf Fuzzer: libFuzzermupdfpdffuzzer Fuzz target binary: pdffuzzer Job Type: libfuzzermsanmupdf Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash...

mupdf/pdf_fuzzer: Use-of-uninitialized-value in fz_clamp

Project: git://git.ghostscript.com/mupdf.git Detailed report: https://oss-fuzz.com/testcase?key=5658959258583040 Project: mupdf Fuzzer: libFuzzermupdfpdffuzzer Fuzz target binary: pdffuzzer Job Type: libfuzzermsanmupdf Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash...

CVE-2019-6130

Artifex MuPDF 1.14.0 has a SEGV in the function fzloadpage of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c...

CVE-2019-6131

svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svgrunusesymbol, svgrunelement, and svgrunuse, as demonstrated by mutool...

DEBIAN-CVE-2019-6130

Artifex MuPDF 1.14.0 has a SEGV in the function fzloadpage of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c...

CVE-2019-6130

Artifex MuPDF 1.14.0 has a SEGV in the function fzloadpage of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c...

DEBIAN-CVE-2019-6131

svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svgrunusesymbol, svgrunelement, and svgrunuse, as demonstrated by mutool...

CVE-2019-6131

svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svgrunusesymbol, svgrunelement, and svgrunuse, as demonstrated by mutool...

Design/Logic Flaw

Artifex MuPDF 1.14.0 has a SEGV in the function fzloadpage of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c...

CVE-2019-6131

svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svgrunusesymbol, svgrunelement, and svgrunuse, as demonstrated by mutool...

CVE-2019-6130

Artifex MuPDF 1.14.0 has a SEGV in the function fzloadpage of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c...

Design/Logic Flaw

svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svgrunusesymbol, svgrunelement, and svgrunuse, as demonstrated by mutool...

CVE-2019-6131

The CVE-2019-6131 issue affects Artifex MuPDF 1.14.0, exposed via the SVG rendering path. Specifically, svg-run.c contains an infinite recursion with uncontrolled stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, demonstrated by mutool. Impact is described as resource exh...

CVE-2019-6130

CVE-2019-6130 affects MuPDF up to 1.14.0 (Artifex), with a SEGV in fz_load_page (fitz/document.c) linked to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c. Connected advisories show mitigations via package upgrades: Debian DLA-1838-1 fixes mupdf for Jessie to 1.5-1+deb8u6;...

CVE-2019-6131

svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svgrunusesymbol, svgrunelement, and svgrunuse, as demonstrated by mutool...