Описание
Security update for mupdf
This update for mupdf fixes several issues.
These security issues were fixed:
- CVE-2018-6187: Prevent heap-based buffer overflow in the do_pdf_save_document function. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file (bsc#1077407).
- CVE-2018-6544: pdf_load_obj_stm could have referenced the object stream recursively and therefore run out of error stack, which allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1079100).
- CVE-2018-6192: The pdf_read_new_xref function allowed remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file (bsc#1077755).
Список пакетов
openSUSE Leap 42.3
Ссылки
- E-Mail link for openSUSE-SU-2018:0405-1
- SUSE Security Ratings
Описание
In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file.
Затронутые продукты
Ссылки
- CVE-2018-6187
- SUSE Bug 1077407
Описание
In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file.
Затронутые продукты
Ссылки
- CVE-2018-6192
- SUSE Bug 1077755
Описание
pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document.
Затронутые продукты
Ссылки
- CVE-2018-6544
- SUSE Bug 1079100