Security update for mupdf SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0227-1 Final 1 1 2018-01-25T19:15:35Z current 2018-01-25T19:15:35Z 2018-01-25T19:15:35Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for mupdf This update for mupdf to version 1.12.0 fixes several issues. These security issues were fixed: - CVE-2018-5686: Prevent infinite loop in pdf_parse_array function because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file (bsc#1075936). - CVE-2017-15369: The build_filter_chain function in pdf/pdf-stream.c mishandled a case where a variable may reside in a register, which allowed remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document (bsc#1063413). - CVE-2017-15587: Prevent integer overflow in pdf_read_new_xref_section that allowed for DoS (bsc#1064027). - CVE-2017-17866: Fixed mishandling of length changes when a repair operation occured during a clean operation, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document (bsc#1074116). - CVE-2017-17858: Fixed a heap-based buffer overflow in the ensure_solid_xref function which allowed a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers were unrestricted (bsc#1077161). For non-security changes please refer to the changelog. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2018-01/msg00098.html E-Mail link for openSUSE-SU-2018:0227-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 openSUSE Leap 42.3 mupdf-1.12.0-23.1 mupdf-devel-static-1.12.0-23.1 mupdf-1.12.0-23.1 as a component of openSUSE Leap 42.2 mupdf-devel-static-1.12.0-23.1 as a component of openSUSE Leap 42.2 mupdf-1.12.0-23.1 as a component of openSUSE Leap 42.3 mupdf-devel-static-1.12.0-23.1 as a component of openSUSE Leap 42.3 The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document. CVE-2017-15369 openSUSE Leap 42.2:mupdf-1.12.0-23.1 openSUSE Leap 42.2:mupdf-devel-static-1.12.0-23.1 openSUSE Leap 42.3:mupdf-1.12.0-23.1 openSUSE Leap 42.3:mupdf-devel-static-1.12.0-23.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-01/msg00098.html https://www.suse.com/security/cve/CVE-2017-15369.html CVE-2017-15369 https://bugzilla.suse.com/1063413 SUSE Bug 1063413 An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11. CVE-2017-15587 openSUSE Leap 42.2:mupdf-1.12.0-23.1 openSUSE Leap 42.2:mupdf-devel-static-1.12.0-23.1 openSUSE Leap 42.3:mupdf-1.12.0-23.1 openSUSE Leap 42.3:mupdf-devel-static-1.12.0-23.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-01/msg00098.html https://www.suse.com/security/cve/CVE-2017-15587.html CVE-2017-15587 https://bugzilla.suse.com/1064027 SUSE Bug 1064027 Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted. CVE-2017-17858 openSUSE Leap 42.2:mupdf-1.12.0-23.1 openSUSE Leap 42.2:mupdf-devel-static-1.12.0-23.1 openSUSE Leap 42.3:mupdf-1.12.0-23.1 openSUSE Leap 42.3:mupdf-devel-static-1.12.0-23.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-01/msg00098.html https://www.suse.com/security/cve/CVE-2017-17858.html CVE-2017-17858 https://bugzilla.suse.com/1077161 SUSE Bug 1077161 pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document. CVE-2017-17866 openSUSE Leap 42.2:mupdf-1.12.0-23.1 openSUSE Leap 42.2:mupdf-devel-static-1.12.0-23.1 openSUSE Leap 42.3:mupdf-1.12.0-23.1 openSUSE Leap 42.3:mupdf-devel-static-1.12.0-23.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-01/msg00098.html https://www.suse.com/security/cve/CVE-2017-17866.html CVE-2017-17866 https://bugzilla.suse.com/1074116 SUSE Bug 1074116 In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file. CVE-2018-5686 openSUSE Leap 42.2:mupdf-1.12.0-23.1 openSUSE Leap 42.2:mupdf-devel-static-1.12.0-23.1 openSUSE Leap 42.3:mupdf-1.12.0-23.1 openSUSE Leap 42.3:mupdf-devel-static-1.12.0-23.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-01/msg00098.html https://www.suse.com/security/cve/CVE-2018-5686.html CVE-2018-5686 https://bugzilla.suse.com/1075936 SUSE Bug 1075936