Описание
Security update for mupdf
This update for mupdf fixes the following vulnerabilities:
- CVE-2017-5627: Integer overflow in the mujs implementation (boo#1022503)
- CVE-2017-5628: Integer overflow in the mujs implementation (boo#1022504)
- CVE-2017-5896: heap overflow (boo#1023761, boo#1024679)
- NULL pointer dereference in dodrawpage (boo#1023760)
Список пакетов
openSUSE Leap 42.1
openSUSE Leap 42.2
Ссылки
- E-Mail link for openSUSE-SU-2017:0504-1
- SUSE Security Ratings
Описание
An issue was discovered in Artifex Software, Inc. MuJS before 4006739a28367c708dea19aeb19b8a1a9326ce08. The jsR_setproperty function in jsrun.c lacks a check for a negative array length. This leads to an integer overflow in the js_pushstring function in jsrun.c when parsing a specially crafted JS file.
Затронутые продукты
Ссылки
- CVE-2017-5627
- SUSE Bug 1022503
Описание
An issue was discovered in Artifex Software, Inc. MuJS before 8f62ea10a0af68e56d5c00720523ebcba13c2e6a. The MakeDay function in jsdate.c does not validate the month, leading to an integer overflow when parsing a specially crafted JS file.
Затронутые продукты
Ссылки
- CVE-2017-5628
- SUSE Bug 1022504
Описание
Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image.
Затронутые продукты
Ссылки
- CVE-2017-5896
- SUSE Bug 1023761
- SUSE Bug 1024679
- SUSE Bug 1031053