Secunia Research has discovered two vulnerabilities in MuPDF, which can be exploited by malicious people to compromise a user's system. 1) An integer overflow error within the "loadsamplefunc()" function in mupdf/pdf_function.c can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted PDF file containing a sample function with a specially crafted size. 2) An integer overflow error within the "fz_newpixmap()" function in fitz/res_pixmap.c can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted PDF file containing an image with specially crafted dimensions. Fixed in the Darcs repository.
*** Bug 361131 has been marked as a duplicate of this bug. ***
Arches, please stabilize mupdf-0.8.15.
amd64 ok
amd64 done, thanks Agostino
ppc done
Tested on x86, looks good over here.
Builds and runs fine on x86. Please mark stable for x86.
x86 stable + 30 Mar 2011; Michael Weber <xmw@gentoo.org> -mupdf-0.7-r1.ebuild, + -mupdf-0.7_p20110212.ebuild, -files/mupdf-0.7-buildsystem.patch, + -files/mupdf-0.7-zoom.patch, -files/mupdf-0.7_p20110212-buildsystem.patch, + -files/mupdf-0.7_p20110212-zoom.patch, mupdf-0.8.15.ebuild: + x86 stable (thanks to Andreas Schürch and Myckel Habets for testing, bug + 358029), removing old affected versions from tree Can I close this now or does it need further attention from security?
(In reply to comment #8) > > Can I close this now or does it need further attention from security? Thanks, Michael. We take care of closing security bugs. GLSA request filed.
This issue was resolved and addressed in GLSA 201412-43 at http://security.gentoo.org/glsa/glsa-201412-43.xml by GLSA coordinator Yury German (BlueKnight).
