CVE-2019-6131

svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svgrunusesymbol, svgrunelement, and svgrunuse, as demonstrated by mutool...

CVE-2019-6130

Artifex MuPDF 1.14.0 has a SEGV in the function fzloadpage of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c...

[SECURITY] Fedora 28 Update: mupdf-1.14.0-6.fc28

MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...

PT-2019-17969 · Artifex · Artifex Mupdf

Name of the Vulnerable Software and Affected Versions: Artifex MuPDF version 1.14.0 Description: The issue is related to infinite recursion with stack consumption in the svg run use symbol, svg run element, and svg run use functions in the svg-run.c file. This can be demonstrated using mutool...

PT-2019-17968 · Artifex · Artifex Mupdf

Name of the Vulnerable Software and Affected Versions: Artifex MuPDF version 1.14.0 Description: The issue is related to a SEGV in the fz load page function of the fitz/document.c file. This problem arises from page-number mishandling in several files, including cbz/mucbz.c, cbz/muimg.c, and...

Artifex MuPDF Code Issue Vulnerability

Artifex MuPDF is a free, lightweight PDF reader from Artifex Software. A security vulnerability exists in the 'fzloadpage' function in the fitz/document.c file in Artifex MuPDF version 1.14.0. An attacker could exploit this vulnerability to cause an impact on usability...

Artifex MuPDF Resource Management Error Vulnerability

Artifex MuPDF is a free, lightweight PDF reader from Artifex Software. A security vulnerability exists in the svgrunusesymbol, svgrunelement, and svgrunuse of the svg-run.c file in Artifex MuPDF version 1.14.0. An attacker can exploit this vulnerability to cause infinite recursion...

Fedora Update for mupdf FEDORA-2018-aadd3c2790

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 29 : mupdf (2018-93558de1ac)

rebase and bugfixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...

Fedora 28 : mupdf (2018-049dee041d)

CVE-2018-10289 rh bz 1573050 gs bz 699271 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

mupdf/pdf_fuzzer: Heap-use-after-free in begin_softmask

Project: git://git.ghostscript.com/mupdf.git Detailed report: https://oss-fuzz.com/testcase?key=5645768816328704 Project: mupdf Fuzzer: aflmupdfpdffuzzer Fuzz target binary: pdffuzzer Job Type: aflasanmupdf Platform Id: linux Crash Type: Heap-use-after-free WRITE 4 Crash Address: 0x62d00018faf0...

Denial Of Service (DoS)

Artifex MuPDF is vulnerable to denial of service. A remote attacker is able to cause a denial of service condition from scg/svg-run.c via a crafted SVG file due to recursive calls which causes a crash in the function fzxmlatt in fitz/xml.c resulted from excessive stack consumption...

Null pointer dereference

In Artifex MuPDF 1.14.0, the svgrunimage function in svg/svg-run.c allows remote attackers to cause a denial of service hrefatt NULL pointer dereference and application crash via a crafted svg file, as demonstrated by mupdf-gl...

CVE-2018-19882

In Artifex MuPDF 1.14.0, the svgrunimage function in svg/svg-run.c allows remote attackers to cause a denial of service hrefatt NULL pointer dereference and application crash via a crafted svg file, as demonstrated by mupdf-gl...

Design/Logic Flaw

In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service recursive calls followed by a fitz/xml.c fzxmlatt crash from excessive stack consumption via a crafted svg file, as demonstrated by mupdf-gl...

CVE-2018-19881

In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service recursive calls followed by a fitz/xml.c fzxmlatt crash from excessive stack consumption via a crafted svg file, as demonstrated by mupdf-gl...

CVE-2018-19881

In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service recursive calls followed by a fitz/xml.c fzxmlatt crash from excessive stack consumption via a crafted svg file, as demonstrated by mupdf-gl...

CVE-2018-19882

In Artifex MuPDF 1.14.0, the svgrunimage function in svg/svg-run.c allows remote attackers to cause a denial of service hrefatt NULL pointer dereference and application crash via a crafted svg file, as demonstrated by mupdf-gl...

UBUNTU-CVE-2018-19882

In Artifex MuPDF 1.14.0, the svgrunimage function in svg/svg-run.c allows remote attackers to cause a denial of service hrefatt NULL pointer dereference and application crash via a crafted svg file, as demonstrated by mupdf-gl...

DEBIAN-CVE-2018-19881

In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service recursive calls followed by a fitz/xml.c fzxmlatt crash from excessive stack consumption via a crafted svg file, as demonstrated by mupdf-gl...