Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 358029

Summary: <app-text/mupdf-0.8.15: Two Integer Overflow Vulnerabilities
Product: Gentoo Security Reporter: Yury German <blueknight>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: alexanderyt, xmw
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://secunia.com/secunia_research/2011-12/
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Yury German Gentoo Infrastructure gentoo-dev 2011-03-09 08:38:08 UTC 
Secunia Research has discovered two vulnerabilities in MuPDF, which
can be exploited by malicious people to compromise a user's system.

1) An integer overflow error within the "loadsamplefunc()" function
in mupdf/pdf_function.c can be exploited to cause a heap-based buffer
overflow by e.g. tricking a user into opening a specially crafted PDF
file containing a sample function with a specially crafted size.

2) An integer overflow error within the "fz_newpixmap()" function in
fitz/res_pixmap.c can be exploited to cause a heap-based buffer
overflow by e.g. tricking a user into opening a specially crafted PDF
file containing an image with specially crafted dimensions.


Fixed in the Darcs repository.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2011-03-29 15:10:56 UTC 
*** Bug 361131 has been marked as a duplicate of this bug. ***
Comment 2 Alex Legler (RETIRED) archtester gentoo-dev Security 2011-03-29 15:11:57 UTC 
Arches, please stabilize mupdf-0.8.15.
Comment 3 Agostino Sarubbo gentoo-dev 2011-03-29 15:20:38 UTC 
amd64 ok
Comment 4 Christoph Mende (RETIRED) gentoo-dev 2011-03-29 16:08:18 UTC 
amd64 done, thanks Agostino
Comment 5 Michael Weber (RETIRED) gentoo-dev 2011-03-29 22:16:44 UTC 
ppc done
Comment 6 Andreas Schürch gentoo-dev 2011-03-30 04:39:11 UTC 
Tested on x86, looks good over here.
Comment 7 Myckel Habets 2011-03-30 05:28:23 UTC 
Builds and runs fine on x86. Please mark stable for x86.
Comment 8 Michael Weber (RETIRED) gentoo-dev 2011-03-30 09:29:04 UTC 
x86 stable

+  30 Mar 2011; Michael Weber <xmw@gentoo.org> -mupdf-0.7-r1.ebuild,
+  -mupdf-0.7_p20110212.ebuild, -files/mupdf-0.7-buildsystem.patch,
+  -files/mupdf-0.7-zoom.patch, -files/mupdf-0.7_p20110212-buildsystem.patch,
+  -files/mupdf-0.7_p20110212-zoom.patch, mupdf-0.8.15.ebuild:
+  x86 stable (thanks to Andreas Schürch and Myckel Habets for testing, bug
+  358029), removing old affected versions from tree

Can I close this now or does it need further attention from security?
Comment 9 Tim Sammut (RETIRED) gentoo-dev 2011-03-30 13:39:00 UTC 
(In reply to comment #8)
> 
> Can I close this now or does it need further attention from security?

Thanks, Michael. We take care of closing security bugs.

GLSA request filed.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2014-12-26 18:39:13 UTC 
This issue was resolved and addressed in
 GLSA 201412-43 at http://security.gentoo.org/glsa/glsa-201412-43.xml
by GLSA coordinator Yury German (BlueKnight).