1345 matches found
UBUNTU-CVE-2018-6544
pdfloadobjstm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document...
CVE-2018-6544
pdfloadobjstm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document...
ALPINE-CVE-2018-6544
pdfloadobjstm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document...
CVE-2018-6544
pdfloadobjstm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document...
CVE-2018-6544
pdfloadobjstm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document...
CVE-2018-6544
MuPDF 1.12.0 (Artifex MuPDF) contains CVE-2018-6544 in pdf_load_obj_stm (pdf/pdf-xref.c): object streams can be referenced recursively, causing exhaustion of the error stack and enabling a remote denial of service via a crafted PDF. Multiple Arch Linux advisories (ASA-201805-4/5/6/7/8) describe t...
mupdf/pdf_fuzzer: Use-of-uninitialized-value in fz_drop_key_storable
Project: git://git.ghostscript.com/mupdf.git Detailed report: https://oss-fuzz.com/testcase?key=6271378429837312 Project: mupdf Fuzzer: libFuzzermupdfpdffuzzer Fuzz target binary: pdffuzzer Job Type: libfuzzermsanmupdf Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash...
mupdf/pdf_fuzzer: Use-of-uninitialized-value in fz_is_empty_irect
Project: git://git.ghostscript.com/mupdf.git Detailed report: https://oss-fuzz.com/testcase?key=5771535236202496 Project: mupdf Fuzzer: libFuzzermupdfpdffuzzer Fuzz target binary: pdffuzzer Job Type: libfuzzermsanmupdf Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash...
mupdf/pdf_fuzzer: Crash in pdf_read_new_xref
Project: git://git.ghostscript.com/mupdf.git Detailed report: https://oss-fuzz.com/testcase?key=4558604561547264 Project: mupdf Fuzzer: libFuzzermupdfpdffuzzer Fuzz target binary: pdffuzzer Job Type: libfuzzermsanmupdf Platform Id: linux Crash Type: UNKNOWN WRITE Crash Address: 0x7173ffffffe0 Cra...
[ASA-201801-29] libmupdf: arbitrary code execution
Arch Linux Security Advisory ASA-201801-29 ========================================== Severity: High Date : 2018-01-30 CVE-ID : CVE-2017-17858 Package : libmupdf Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-599 Summary ======= The package libmupdf before...
[ASA-201801-31] zathura-pdf-mupdf: arbitrary code execution
Arch Linux Security Advisory ASA-201801-31 ========================================== Severity: High Date : 2018-01-30 CVE-ID : CVE-2017-17858 Package : zathura-pdf-mupdf Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-600 Summary ======= The package...
[ASA-201801-27] mupdf: arbitrary code execution
Arch Linux Security Advisory ASA-201801-27 ========================================== Severity: High Date : 2018-01-30 CVE-ID : CVE-2017-17858 Package : mupdf Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-599 Summary ======= The package mupdf before version...
[ASA-201801-28] mupdf-gl: arbitrary code execution
Arch Linux Security Advisory ASA-201801-28 ========================================== Severity: High Date : 2018-01-30 CVE-ID : CVE-2017-17858 Package : mupdf-gl Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-599 Summary ======= The package mupdf-gl before...
mupdf/pdf_fuzzer: Use-of-uninitialized-value in cf2_glyphpath_lineTo
Project: git://git.ghostscript.com/mupdf.git Detailed report: https://oss-fuzz.com/testcase?key=4986847932448768 Project: mupdf Fuzzer: libFuzzermupdfpdffuzzer Fuzz target binary: pdffuzzer Job Type: libfuzzermsanmupdf Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash...
mupdf/pdf_fuzzer: Use-of-uninitialized-value in MatShaperEval16
Project: git://git.ghostscript.com/mupdf.git Detailed report: https://oss-fuzz.com/testcase?key=5753145964625920 Project: mupdf Fuzzer: libFuzzermupdfpdffuzzer Fuzz target binary: pdffuzzer Job Type: libfuzzermsanmupdf Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash...
mupdf/pdf_fuzzer: Heap-buffer-overflow in jpx_read_image
Project: git://git.ghostscript.com/mupdf.git Detailed report: https://oss-fuzz.com/testcase?key=6011746750824448 Project: mupdf Fuzzer: aflmupdfpdffuzzer Fuzz target binary: pdffuzzer Job Type: aflasanmupdf Platform Id: linux Crash Type: Heap-buffer-overflow READ 4 Crash Address: 0x7f0b2eb44174...
Denial Of Service (DoS)
MuPDF is vulnerable to denial of service DoS attacks. A malicious user can pass a pdf file to the application to cause a segmentation fault through the pdfreadnewxref method in the pdf/pdf-xref.c file, causing the application to crash...
openSUSE Security Update : mupdf (openSUSE-2018-89)
This update for mupdf to version 1.12.0 fixes several issues. These security issues were fixed : - CVE-2018-5686: Prevent infinite loop in pdfparsearray function because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file...
mupdf/pdf_fuzzer: Use-of-uninitialized-value in jbig2_end_of_stripe
Project: git://git.ghostscript.com/mupdf.git Detailed report: https://oss-fuzz.com/testcase?key=5247757901103104 Project: mupdf Fuzzer: libFuzzermupdfpdffuzzer Fuzz target binary: pdffuzzer Job Type: libfuzzermsanmupdf Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash...
mupdf/pdf_fuzzer: Use-of-uninitialized-value in evict
Project: git://git.ghostscript.com/mupdf.git Detailed report: https://oss-fuzz.com/testcase?key=5724360087175168 Project: mupdf Fuzzer: libFuzzermupdfpdffuzzer Fuzz target binary: pdffuzzer Job Type: libfuzzermsanmupdf Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash...