Описание
Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| mupdf | fixed | 1.9a+ds1-3 | package | |
| mupdf | not-affected | wheezy | package |
Примечания
https://bugs.ghostscript.com/show_bug.cgi?id=697515
Fix https://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27
https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/
Related to CVE-2017-5896. But CVE-2017-7264 is for the use-after-free
vulnerability whereas CVE-2017-5896 is for the hea-based buffer overflow
in fz_subsample_pixmap.
Связанные уязвимости
Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document.
Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document.
Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document.