From ${URL} : A heap overflow vulnerability leading to a crash was found in the "pdf_load_mesh_params" function in "source/pdf/pdf-shade.c". Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=696954 Upstream patch: http://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e Original report and CVE request: http://seclists.org/oss-sec/2016/q3/235 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
CVE-2016-6525 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6525): Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array.
Fixed in 1.10 upstream.
Stabilization happens in bug 589826.
commit 2af6b2174d988ef90e8178a6c13839d33af70f35 Author: Michael Weber <xmw@gentoo.org> Date: Sun Feb 5 18:24:55 2017 +0100 app-text/mupdf: Remove old versions (bug 600674, 590480, 589826). Package-Manager: Portage-2.3.3, Repoman-2.3.1
GLSA request filed
This issue was resolved and addressed in GLSA 201702-12 at https://security.gentoo.org/glsa/201702-12 by GLSA coordinator Thomas Deutschmann (whissi).