Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.3:Update
patchinfo.7498
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.7498
<patchinfo incident="7498"> <issue id="1074116" tracker="bnc">VUL-1: CVE-2017-17866: mupdf: buffer overrun in pdf_xref_len pdf/pdf-write.c</issue> <issue id="1063413" tracker="bnc">VUL-0: CVE-2017-15369: mupdf: The build_filter_chain function a case where a variable may reside in a register, which allows remote attackers to cause DoS</issue> <issue id="1064027" tracker="bnc">VUL-0: CVE-2017-15587: mupdf: Out-of-Bounds Write in ensure_solid_xref</issue> <issue id="1075936" tracker="bnc">VUL-0: CVE-2018-5686: mupdf: In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang inthe pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered.Remote attackers could leverage this vulnerability to cause</issue> <issue id="1077161" tracker="bnc"></issue> <issue id="2017-15369" tracker="cve" /> <issue id="2017-15587" tracker="cve" /> <issue id="2018-5686" tracker="cve" /> <issue id="2017-17866" tracker="cve" /> <issue id="2017-17858" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>kbabioch</packager> <description>This update for mupdf to version 1.12.0 fixes several issues. These security issues were fixed: - CVE-2018-5686: Prevent infinite loop in pdf_parse_array function because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file (bsc#1075936). - CVE-2017-15369: The build_filter_chain function in pdf/pdf-stream.c mishandled a case where a variable may reside in a register, which allowed remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document (bsc#1063413). - CVE-2017-15587: Prevent integer overflow in pdf_read_new_xref_section that allowed for DoS (bsc#1064027). - CVE-2017-17866: Fixed mishandling of length changes when a repair operation occured during a clean operation, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document (bsc#1074116). - CVE-2017-17858: Fixed a heap-based buffer overflow in the ensure_solid_xref function which allowed a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers were unrestricted (bsc#1077161). For non-security changes please refer to the changelog. </description> <summary>Security update for mupdf</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor