cbcvebase.

Debian Mupdf vulnerabilities

61 known vulnerabilities affecting debian/mupdf.

Total CVEs: 61
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 13, MEDIUM 22, LOW 25

Vulnerabilities

Page 2 of 4
CVE-2019-6130 | MEDIUM | CVSS 5.5 | fixed in mupdf 1.14.0+ds1-3 (bookworm) | 2019
CVE-2019-6130 [MEDIUM] mupdf: Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c. Scope: local. bookworm: resolved (fixed in 1.14.0+ds1-3); bullseye: resolved (fixed in 1.14.0+ds1-3); forky: resolved (fixed in 1.14.0+ds1-3); sid: resolved (fixed in
debian
CVE-2019-6131 | MEDIUM | CVSS 5.5 | fixed in mupdf 1.14.0+ds1-3 (bookworm) | 2019
CVE-2019-6131 [MEDIUM] mupdf: svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool. Scope: local. bookworm: resolved (fixed in 1.14.0+ds1-3); bullseye: resolved (fixed in 1.14.0+ds1-3); forky: resolved (fixed in 1.14.0+ds1-3); sid: resolved (fixed in 1.14.0+ds1-3); trixie: resolved (fixed in 1.
debian
CVE-2019-7321 | LOW | CVSS 9.8 | 2019
CVE-2019-7321 [CRITICAL] mupdf: Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code. Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2019-14975 | LOW | CVSS 7.1 | 2019
CVE-2019-14975 [HIGH] mupdf: Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string. Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2018-1000038 | HIGH | CVSS 7.8 | fixed in mupdf 1.13.0+ds1-1 (bookworm) | 2018
CVE-2018-1000038 [HIGH] mupdf: In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file. Scope: local. bookworm: resolved (fixed in 1.13.0+ds1-1); bullseye: resolved (fixed in 1.13.0+ds1-1); forky: resolved (fixed in 1.13.0+ds1-1); sid: resolved (fixed in 1.13.0+ds1-1); trixie:
debian
CVE-2018-1000051 | HIGH | CVSS 7.8 | fixed in mupdf 1.12.0+ds1-1 (bookworm) | 2018
CVE-2018-1000051 [HIGH] mupdf: Artifex MuPDF version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appears to be exploitable when a victim opens a specially crafted PDF. Scope: local. bookworm: resolved (fixed in 1.12.0+ds1-1); bullseye: resolved (fixed in 1.12.0+ds1-1); forky: resolved (fixed in 1.12.0+ds1-1); sid:
debian
CVE-2018-6544 | MEDIUM | CVSS 5.5 | fixed in mupdf 1.12.0+ds1-1 (bookworm) | 2018
CVE-2018-6544 [MEDIUM] mupdf: pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document. Scope: local. bookworm: resolved (fixed in 1.12.0+ds1-1); bullseye: resolved (fixed in 1.12.0+ds1-1); forky: resolved (fixed in 1.12.0+ds1-1); s
debian
CVE-2018-6192 | MEDIUM | CVSS 5.5 | fixed in mupdf 1.13.0+ds1-1 (bookworm) | 2018
CVE-2018-6192 [MEDIUM] mupdf: In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file. Scope: local. bookworm: resolved (fixed in 1.13.0+ds1-1); bullseye: resolved (fixed in 1.13.0+ds1-1); forky: resolved (fixed in 1.13.0+ds1-1); sid: resolved (fixed in 1.13.0+ds
debian
CVE-2018-16647 | MEDIUM | CVSS 5.5 | fixed in mupdf 1.14.0+ds1-4 (bookworm) | 2018
CVE-2018-16647 [MEDIUM] mupdf: In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file. Scope: local. bookworm: resolved (fixed in 1.14.0+ds1-4); bullseye: resolved (fixed in 1.14.0+ds1-4); forky: resolved (fixed in 1.14.0+ds1-4); sid: resolved (fixed i
debian
CVE-2018-1000040 | MEDIUM | CVSS 5.5 | fixed in mupdf 1.13.0+ds1-1 (bookworm) | 2018
CVE-2018-1000040 [MEDIUM] mupdf: In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file. Scope: local. bookworm: resolved (fixed in 1.13.0+ds1-1); bullseye: resolved (fixed in 1.13.0+ds1-1); forky: resolved (fixed in 1.13.0+ds1-1); sid: resolved (fixed i
debian
CVE-2018-16648 | MEDIUM | CVSS 5.5 | fixed in mupdf 1.14.0+ds1-4 (bookworm) | 2018
CVE-2018-16648 [MEDIUM] mupdf: In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow. Scope: local. bookworm: resolved (fixed in 1.14.0+ds1-4); bullseye: resolved (fixed in 1.14.0+ds1-4); forky: resolved (fixed in 1
debian
CVE-2018-18662 | MEDIUM | CVSS 5.5 | fixed in mupdf 1.14.0+ds1-3 (bookworm) | 2018
CVE-2018-18662 [MEDIUM] mupdf: There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool. Scope: local. bookworm: resolved (fixed in 1.14.0+ds1-3); bullseye: resolved (fixed in 1.14.0+ds1-3); forky: resolved (fixed in 1.14.0+ds1-3); sid: resolved (fixed in 1.14.0+ds1-3); trixie: resolved (fixed in 1.14.0+ds1-3)
debian
CVE-2018-1000039 | MEDIUM | CVSS 6.3 | fixed in mupdf 1.13.0+ds1-1 (bookworm) | 2018
CVE-2018-1000039 [MEDIUM] mupdf: In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file. Scope: local. bookworm: resolved (fixed in 1.13.0+ds1-1); bullseye: resolved (fixed in 1.13.0+ds1-1); forky: resolved (fixed in 1.13.0+ds1-1); sid: resolved (fixed in
debian
CVE-2018-6187 | MEDIUM | CVSS 5.5 | fixed in mupdf 1.13.0+ds1-1 (bookworm) | 2018
CVE-2018-6187 [MEDIUM] mupdf: In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file. Scope: local. bookworm: resolved (fixed in 1.13.0+ds1-1); bullseye: resolved (fixed in 1.13.0+ds1-1); forky: resolved (fixed in
debian
CVE-2018-5686 | MEDIUM | CVSS 5.5 | fixed in mupdf 1.13.0+ds1-1 (bookworm) | 2018
CVE-2018-5686 [MEDIUM] mupdf: In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file. Scope: local. bookworm: resolved (fixed in 1.13.0+ds1-1); bullseye: resolved (fixed in 1.13.0+ds1-1); forky: r
debian
CVE-2018-1000037 | MEDIUM | CVSS 5.5 | fixed in mupdf 1.13.0+ds1-1 (bookworm) | 2018
CVE-2018-1000037 [MEDIUM] mupdf: In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file. Scope: local. bookworm: resolved (fixed in 1.13.0+ds1-1); bullseye: resolved (fixed in 1.13.0+ds1-1); forky: resolved (fixed in 1.13.0+ds1-1); sid: resolved (fixed in 1.13.0+ds1-1); trixie: resolved (fi
debian
CVE-2018-1000036 | LOW | CVSS 5.5 | fixed in mupdf 1.14.0+ds1-1 (bookworm) | 2018
CVE-2018-1000036 [MEDIUM] mupdf: In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file. Scope: local. bookworm: resolved (fixed in 1.14.0+ds1-1); bullseye: resolved (fixed in 1.14.0+ds1-1); forky: resolved (fixed in 1.14.0+ds1-1); sid: resolved (fixed in 1.14.0+ds1-1); trixie: resolved (fixed in 1.
debian
CVE-2018-19881 | LOW | CVSS 5.5 | fixed in mupdf 1.15.0+ds1-1 (bookworm) | 2018
CVE-2018-19881 [MEDIUM] mupdf: In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl. Scope: local. bookworm: resolved (fixed in 1.15.0+ds1-1); bullseye: resolved (fixed in 1.15.0+ds1-1); forky: resolved (fixed in 1.15.
debian
CVE-2018-19882 | LOW | CVSS 5.5 | fixed in mupdf 1.15.0+ds1-1 (bookworm) | 2018
CVE-2018-19882 [MEDIUM] mupdf: In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl. Scope: local. bookworm: resolved (fixed in 1.15.0+ds1-1); bullseye: resolved (fixed in 1.15.0+ds1-1); forky: resolved (fixed in 1.15.0+ds1
debian
CVE-2018-19777 | LOW | CVSS 5.5 | fixed in mupdf 1.15.0+ds1-1 (bookworm) | 2018
CVE-2018-19777 [MEDIUM] mupdf: In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool. Scope: local. bookworm: resolved (fixed in 1.15.0+ds1-1); bullseye: resolved (fixed in 1.15.0+ds1-1); forky: resolved (fixed in 1.15.0+ds1-1); sid: resolved (fixed in 1.15.0+ds1-1); trixie: resolved (fixed in 1.15.0+ds1-1)
debian