CVE-2017-5896

Опубликовано: 15 фев. 2017

Источник: debian

Описание

Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
mupdf	fixed	1.9a+ds1-3		package
mupdf	not-affected		wheezy	package

Примечания

https://bugs.ghostscript.com/show_bug.cgi?id=697515
Fix https://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27
https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/
https://www.openwall.com/lists/oss-security/2017/02/10/1

Связанные уязвимости

CVE-2017-5896

CVSS3: 5.5

ubuntu

почти 9 лет назад

Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image.

CVE-2017-5896

CVSS3: 5.5

nvd

почти 9 лет назад

Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image.

GHSA-xr86-842q-jg2r

CVSS3: 5.5

github

больше 3 лет назад

Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image.

openSUSE-SU-2017:0504-1

suse-cvrf

почти 9 лет назад

Security update for mupdf