[3.7] mupdf: Multiple vulnerabilities (CVE-2018-6187, CVE-2018-6192, CVE-2018-6544, CVE-2018-1000051)
CVE-2018-6187: heap-based buffer overflow in pdf/pdf-write.c:do_pdf_save_document()
In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow
vulnerability in the do_pdf_save_document function in the
pdf/pdf-write.c file. Remote attackers could leverage the vulnerability
to cause a denial of service via a crafted PDF file.
References:
https://nvd.nist.gov/vuln/detail/CVE-2018-6187
https://bugs.ghostscript.com/show_bug.cgi?id=698908
CVE-2018-6192: Segment violation in pdf_read_new_xref function in pdf/pdf-xref.c
In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in
pdf/pdf-xref.c allows remote attackers to cause
a denial of service (segmentation violation and application crash) via a
crafted PDF file.
References:
https://nvd.nist.gov/vuln/detail/CVE-2018-6192
https://bugs.ghostscript.com/show_bug.cgi?id=698916
CVE-2018-6544: denial of service (DoS) via a crafted PDF document
pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could
reference the object stream recursively and therefore
run out of error stack, which allows remote attackers to cause a denial
of service via a crafted PDF document.
References:
https://nvd.nist.gov/vuln/detail/CVE-2018-6544
Patches:
http://git.ghostscript.com/?p=mupdf.git;h=26527eef77b3e51c2258c8e40845bfbc015e405d
http://git.ghostscript.com/?p=mupdf.git;h=b03def134988da8c800adac1a38a41a1f09a1d89
CVE-2018-1000051: use-after-free in fz_keep_key_storable function
A flaw was found in Artifex MuPDF version 1.12.0 in the
fz_keep_key_storable function. There is a use-after-free vulnerability
which can be triggered by supplying a malformed PDF file. This can
result in a denial of service or possible code execution.
References:
https://bugs.ghostscript.com/show_bug.cgi?id=698825
https://bugs.ghostscript.com/show_bug.cgi?id=698873
https://nvd.nist.gov/vuln/detail/CVE-2018-1000051
Patch:
http://git.ghostscript.com/?p=mupdf.git;h=321ba1de287016b0036bf4a56ce774ad11763384
(from redmine: issue id 8581, created on 2018-02-27, closed on 2019-05-04)
- Relations:
- parent #8579
- Changesets:
- Revision f26e75a1 by prs pkt on 2018-08-08T16:24:24Z:
main/mupdf: upgrade to 1.13.0
add secfixes comments
fixes #8581
(cherry picked from commit 831d2ee24986330048dfa488c8bb5017656e8efd)