[3.5] mupdf: Multiple vulnerabilities (CVE-2018-6187, CVE-2018-6192, CVE-2018-6544, CVE-2018-1000051)
CVE-2018-6187: heap-based buffer overflow in pdf/pdf-write.c:do_pdf_save_document()
In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow
vulnerability in the do_pdf_save_document function in the
pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file.
CVE-2018-6192: Segment violation in pdf_read_new_xref function in pdf/pdf-xref.c
In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in
pdf/pdf-xref.c allows remote attackers to cause
a denial of service (segmentation violation and application crash) via a crafted pdf file.
CVE-2018-6544: denial of service (DoS) via a crafted PDF document
pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could
reference the object stream recursively and therefore
run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document.
CVE-2018-1000051: use-after-free in fz_keep_key_storable function
A flaw was found in Artifex Mupdf version 1.12.0 in
fz_keep_key_storable function. There is Use After Free vulnerability
can be triggered by supplying a malformed PDF file. This can result in a Denial of Service or a Possible code execution.
(from redmine: issue id 8583, created on 2018-02-27, closed on 2019-05-04)
- parent #8579