CVE-2024-46657 Affecting mupdf package, versions *
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-DEBIANUNSTABLE-MUPDF-8493881
- published11 Dec 2024
- disclosed10 Dec 2024
Introduced: 10 Dec 2024
NewCVE-2024-46657 (opens in a new tab)Common Vulnerabilities and Exposures (CVE) are common identifiers for publicly known security vulnerabilities
How to fix?
There is no fixed version for Debian:unstable mupdf.
NVD Description
Note: Versions mentioned in the description apply only to the upstream mupdf package and not the mupdf package as distributed by Debian.
See How to fix? for Debian:unstable relevant fixed versions and status.
Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
References
- https://security-tracker.debian.org/tracker/CVE-2024-46657
- https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/diff/?id=b5c898a30f068b5342e8263a2cd5b9f0be291aac
- https://gist.github.com/isumitpatel/615e6bd2621cb46b5d980ddb9db223e2
- https://github.com/ArtifexSoftware/mupdf/commit/b5c898a30f068b5342e8263a2cd5b9f0be291aac