mupdf: heap based buffer over-write when parsing JBIG2 files allows DoS (CVE-2020-26519)
Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service.
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-26519
- https://security-tracker.debian.org/tracker/CVE-2020-26519
Patches:
- https://github.com/ArtifexSoftware/mupdf/commit/b82e9b6d6b46877e5c376.patch
- https://github.com/ArtifexSoftware/mupdf/commit/32e4e8b4bcbacbf92af7c.patch
Affected branches:
-
master -
3.12-stable
Edited by Leo