cvebase

Debian Mupdf vulnerabilities

61 known vulnerabilities affecting debian/mupdf.

Total CVEs: 61
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 13, MEDIUM 22, LOW 25

Vulnerabilities

Page 3 of 4
CVE-2018-10289 | LOW | CVSS 5.5 | fixed in mupdf 1.13.0+ds1-3 (bookworm) | 2018
CVE-2018-10289 [MEDIUM] mupdf - In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file. Scope: local bookworm: resolved (fixed in 1.13.0+ds1-3) bullseye: resolved (fixed in 1.13.0+ds1-3) forky: resolved (fixed in 1.13.0+ds1-3) sid: resolved (fixed i
debian
CVE-2017-14686 | HIGH | CVSS 7.8 | fixed in mupdf 1.11+ds1-1.1 (bookworm) | 2017
CVE-2017-14686 [HIGH] mupdf - Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers. Scope: local boo
debian
CVE-2017-14685 | HIGH | CVSS 7.8 | fixed in mupdf 1.11+ds1-1.1 (bookworm) | 2017
CVE-2017-14685 [HIGH] mupdf - Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xps_load_links_in_glyphs in xps/xps-link.c does not verify that an xps font could be loaded. Scope: loc
debian
CVE-2017-14687 | HIGH | CVSS 7.8 | fixed in mupdf 1.11+ds1-1.1 (bookworm) | 2017
CVE-2017-14687 [HIGH] mupdf - Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name comparisons. Scope: local bookworm: resolved (fixed in 1.11+ds1-1.1) bul
debian
CVE-2017-15587 | HIGH | CVSS 7.8 | fixed in mupdf 1.11+ds1-2 (bookworm) | 2017
CVE-2017-15587 [HIGH] mupdf - An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11. Scope: local bookworm: resolved (fixed in 1.11+ds1-2) bullseye: resolved (fixed in 1.11+ds1-2) forky: resolved (fixed in 1.11+ds1-2) sid: resolved (fixed in 1.11+ds1-2) trixie: resolved (fixed in 1.11+ds1-2)
debian
CVE-2017-17866 | HIGH | CVSS 7.8 | fixed in mupdf 1.12.0+ds1-1 (bookworm) | 2017
CVE-2017-17866 [HIGH] mupdf - pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document. Scope: local bookworm: resolved (fixed in 1.12.0+ds1-1) bullsey
debian
CVE-2017-7264 | MEDIUM | CVSS 5.3 | fixed in mupdf 1.9a+ds1-3 (bookworm) | 2017
CVE-2017-7264 [MEDIUM] mupdf - Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document. Scope: local bookworm: resolved (fixed in 1.9a+ds1-3) bullseye: resolved (fixed in 1.9a+ds1-3) forky: resolved (fixed in 1.9a+
debian
CVE-2017-5896 | MEDIUM | CVSS 5.5 | fixed in mupdf 1.9a+ds1-3 (bookworm) | 2017
CVE-2017-5896 [MEDIUM] mupdf - Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image. Scope: local bookworm: resolved (fixed in 1.9a+ds1-3) bullseye: resolved (fixed in 1.9a+ds1-3) forky: resolved (fixed in 1.9a+ds1-3) sid: resolved (fixed in 1.9a+ds1-3) t
debian
CVE-2017-15369 | LOW | CVSS 7.8 | 2017
CVE-2017-15369 [HIGH] mupdf - The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document. Scope: local bookworm: resolv
debian
CVE-2017-17858 | LOW | CVSS 7.8 | 2017
CVE-2017-17858 [HIGH] mupdf - Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved
debian
CVE-2017-6060 | LOW | CVSS 7.8 | PoC | fixed in mupdf 1.12.0+ds1-1 (bookworm) | 2017
CVE-2017-6060 [HIGH] mupdf - Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image. Scope: local bookworm: resolved (fixed in 1.12.0+ds1-1) bullseye: resolved (fixed in 1.12.0+ds1-1) forky: resolved (fixed in 1.12.0+ds1-1) sid: resolved (fixed in 1.12.0+ds1-1) trixie: resolved (fixed in 1
debian
CVE-2017-5991 | LOW | CVSS 7.5 | PoC | fixed in mupdf 1.9a+ds1-4 (bookworm) | 2017
CVE-2017-5991 [HIGH] mupdf - An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected. Scope: local bookworm: resolved (fixed in 1.9a+ds1-4) bullseye: resolved (fixed in 1.9a+ds1-4) fork
debian
CVE-2016-6525 | CRITICAL | CVSS 9.8 | fixed in mupdf 1.9a+ds1-1.2 (bookworm) | 2016
CVE-2016-6525 [CRITICAL] mupdf - Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array. Scope: local bookworm: resolved (fixed in 1.9a+ds1-1.2) bullseye: resolved (fixed in 1.9a+ds1-1.2) forky: resolved (fixed in 1.9a+ds1-1.2) sid: resolved (fixed in
debian
CVE-2016-6265 | MEDIUM | CVSS 5.5 | fixed in mupdf 1.9a+ds1-1.1 (bookworm) | 2016
CVE-2016-6265 [MEDIUM] mupdf - Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file. Scope: local bookworm: resolved (fixed in 1.9a+ds1-1.1) bullseye: resolved (fixed in 1.9a+ds1-1.1) forky: resolved (fixed in 1.9a+ds1-1.1) sid: resolved (fixed in 1.9a+ds1-1.1) trixie: resolved (fixe
debian
CVE-2016-8674 | MEDIUM | CVSS 5.5 | fixed in mupdf 1.9a+ds1-2 (bookworm) | 2016
CVE-2016-8674 [MEDIUM] mupdf - The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file. Scope: local bookworm: resolved (fixed in 1.9a+ds1-2) bullseye: resolved (fixed in 1.9a+ds1-2) forky: resolved (fixed in 1.9a+ds1-2) sid: resolved (fixed in 1.9a+ds1-2) trixie: resolved (fixed in 1
debian
CVE-2016-10247 | LOW | CVSS 5.5 | fixed in mupdf 1.11+ds1-1 (bookworm) | 2016
CVE-2016-10247 [MEDIUM] mupdf - Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. Scope: local bookworm: resolved (fixed in 1.11+ds1-1) bullseye: resolved (fixed in 1.11+ds1-1) forky: resolved (fixed in 1.11+ds1-1) sid: resolved (fixed in
debian
CVE-2016-8728 | LOW | CVSS 7.8 | 2016
CVE-2016-8728 [HIGH] mupdf - An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause an out of bounds write resulting in heap metadata and sensitive process memory corruption leading to potential code execution. Victim needs to open the specially crafted file in a vulnerable reader in order to trigg
debian
CVE-2016-10246 | LOW | CVSS 5.5 | fixed in mupdf 1.11+ds1-1 (bookworm) | 2016
CVE-2016-10246 [MEDIUM] mupdf - Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. Scope: local bookworm: resolved (fixed in 1.11+ds1-1) bullseye: resolved (fixed in 1.11+ds1-1) forky: resolved (fixed in 1.11+ds1-1) sid: resolved (fixed in 1.11+d
debian
CVE-2016-10221 | LOW | CVSS 4.3 | 2016
CVE-2016-10221 [MEDIUM] mupdf - The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted PDF document. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved
debian
CVE-2014-2013 | HIGH | CVSS 7.5 | PoC | fixed in mupdf 1.3-2 (bookworm) | 2014
CVE-2014-2013 [HIGH] mupdf - Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element. Scope: local bookworm: resolved (fixed in 1.3-2) bullseye: resolved (fixed in 1.3-2) forky: resolved (fixed in 1.3-2) si
debian