Advisories » MGASA-2017-0479

Updated mupdf packages fix security vulnerability

Publication date: 31 Dec 2017
Modification date: 31 Dec 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-8674 , CVE-2017-5896 , CVE-2017-5991 , CVE-2017-15587

Description

Multiple vulnerabilities have been found in the PDF viewer MuPDF, which
may result in denial of service or the execution of arbitrary code if a
malformed PDF file is opened (CVE-2016-8674, CVE-2017-5896, CVE-2017-5991)

Terry Chia and Jeremy Heng discovered an integer overflow that can cause
arbitrary code execution via a crafted .pdf file (CVE-2017-15587).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20310
• https://www.debian.org/security/2017/dsa-3797
• https://www.debian.org/security/2017/dsa-4006
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8674
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5896
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5991
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15587

SRPMS

5/core

• mupdf-1.5-4.5.mga5