Описание
Security update for mupdf
This update for mupdf to version 1.10a fixes the following issues:
These security issues were fixed:
- CVE-2016-10132: Null pointer dereference in regexp because of a missing check after allocating memory allowing for DoS (bsc#1019877).
- CVE-2016-10133: Heap buffer overflow write in js_stackoverflow allowing for DoS or possible code execution (bsc#1019877).
- CVE-2016-10141: An integer overflow vulnerability triggered by a regular expression with nested repetition. A successful exploitation of this issue can lead to code execution or a denial of service (buffer overflow) condition (bsc#1019877).
These non-security issues were fixed:
- A bug with mutool and saving PDF files using the 'ascii' option has been fixed.
- Stop defining OPJ_STATIC
Список пакетов
openSUSE Leap 42.2
Ссылки
- E-Mail link for openSUSE-SU-2017:0369-1
- SUSE Security Ratings
Описание
regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation.
Затронутые продукты
Ссылки
- CVE-2016-10132
- SUSE Bug 1019877
Описание
Heap-based buffer overflow in the js_stackoverflow function in jsrun.c in Artifex Software, Inc. MuJS allows attackers to have unspecified impact by leveraging an error when dropping extra arguments to lightweight functions.
Затронутые продукты
Ссылки
- CVE-2016-10133
- SUSE Bug 1019877
Описание
An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS before fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045. The attack requires a regular expression with nested repetition. A successful exploitation of this issue can lead to code execution or a denial of service (buffer overflow) condition.
Затронутые продукты
Ссылки
- CVE-2016-10141
- SUSE Bug 1019877