Security update for mupdf
This update for mupdf fixes several issues.
These security issues were fixed:
- CVE-2018-6187: Prevent heap-based buffer overflow in the do_pdf_save_document
function. Remote attackers could leverage the vulnerability to cause a denial
of service via a crafted pdf file (bsc#1077407).
- CVE-2018-6544: pdf_load_obj_stm could have referenced the object stream
recursively and therefore run out of error stack, which allowed remote
attackers to cause a denial of service via a crafted PDF document
(bsc#1079100).
- CVE-2018-6192: The pdf_read_new_xref function allowed remote attackers to
cause a denial of service (segmentation violation and application crash) via a
crafted pdf file (bsc#1077755).
-
Submitted by
Karol Babioch (kbabioch)
Fixed bugs
bnc#1077407
VUL-0: CVE-2018-6187: In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackerscould leverage the vulnerability to cause a denial of serv
bnc#1077755
VUL-0: CVE-2018-6192: In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allowsremote attackers to cause a denial of service (segmentation violation andapplication crash) via a crafted pdf file.
bnc#1079100
VUL-0: CVE-2018-6544: mupdf: denial of service in pdf_load_obj_stm in pdf/pdf-xref.c
