| Snyk

Threat Intelligence

0.45% (76^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-DEBIANUNSTABLE-MUPDF-382571
published24 May 2018
disclosed24 May 2018

Report a new vulnerability Found a mistake?

Introduced: 24 May 2018

CVE-2018-1000038 (opens in a new tab) CWE-787 (opens in a new tab)

How to fix?

Upgrade Debian:unstable mupdf to version 1.13.0+ds1-1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream mupdf package and not the mupdf package as distributed by Debian. See How to fix? for Debian:unstable relevant fixed versions and status.

In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file.

References

https://security-tracker.debian.org/tracker/CVE-2018-1000038
http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995
http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=f597300439e62f5e921f0d7b1e880b5c1a1f1607;hp=093fc3b098dc5fadef5d8ad4b225db9fb124758b
https://security.gentoo.org/glsa/201811-15
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5494
http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=71ceebcf56e682504da22c4035b39a2d451e8ffd%3Bhp=7f82c01523505052615492f8e220f4348ba46995
http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=f597300439e62f5e921f0d7b1e880b5c1a1f1607%3Bhp=093fc3b098dc5fadef5d8ad4b225db9fb124758b
https://bugs.ghostscript.com/show_bug.cgi?id=698884

Out-of-bounds Write Affecting mupdf package, versions <1.13.0+ds1-1

Severity