Summary: | <app-text/mupdf-1.3_p20140118 - buffer overflow with remote code execution for malicious XPS files (CVE-2014-2013) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hank Leininger <hlein> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | xmw |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://git.ghostscript.com/?p=mupdf.git;a=commit;h=60dabde18d7fe12b19da8b509bdfee9cc886aafc | ||
Whiteboard: | B2 [glsa] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 472532 | ||
Bug Blocks: |
Description
Hank Leininger
2014-01-22 03:26:27 UTC
+*mupdf-1.3_p20140118 (22 Jan 2014) + + 22 Jan 2014; Michael Weber <xmw@gentoo.org> +mupdf-1.3_p20140118.ebuild, + mupdf-9999.ebuild: + Include buffer overflow fix (bug 498876, thanks Hank Leininger), include + mupdf-select-file for .desktop file (bug 482920, thanks Andreas Proteus). +

Ready to stable?

(In reply to Chris Reffett from comment #2)
> Ready to stable?

I haven't experienced any oddities, stabilization should be possible, current one is bug 472532. I'd say yes.

+ 23 Jan 2014; Michael Weber <xmw@gentoo.org> -mupdf-1.0.ebuild, + -mupdf-1.1.ebuild, -mupdf-1.3.ebuild, -mupdf-1.3_p20130828.ebuild, + -mupdf-1.3_pre20130704.ebuild: + Drop old stable and unstable versions for security issues (bug 498876)

+ 23 Jan 2014; Michael Weber <xmw@gentoo.org> -llpp-12.ebuild, -llpp-16.ebuild, + -llpp-16_p20130828.ebuild: + Drop old stable and unstable versions for security issues (bug 498876)

CVE-2014-2013 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2013): Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element.

This issue was resolved and addressed in GLSA 201412-43 at http://security.gentoo.org/glsa/glsa-201412-43.xml by GLSA coordinator Yury German (BlueKnight).
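The CVE-2014-2013 text above attributes the overflow to a large number of entries in a ContextColor value. As an added example (not MuPDF's code and not part of this bug report), here is a bounded parser for a comma-separated sample list written into a fixed-size stack array. The function names, the `MAX_SAMPLES` cap and the input strings are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_SAMPLES 9 /* assumed cap for this example: alpha + 8 channels */

/* Parse a comma-separated float list into out[0..cap-1].
 * Returns the count stored, or -1 if malformed or longer than cap. */
int parse_samples(const char *s, float *out, int cap)
{
    int n = 0;
    if (!s || !out || cap <= 0)
        return -1;
    for (;;) {
        char *end;
        errno = 0;
        float v = strtof(s, &end);
        if (end == s || errno == ERANGE)
            return -1;          /* not a number, or out of range */
        if (n >= cap)
            return -1;          /* bound check happens before the store */
        out[n++] = v;
        for (s = end; *s == ' '; s++)
            ;
        if (*s == '\0')
            return n;
        if (*s++ != ',')
            return -1;          /* unexpected separator */
    }
}

/* Caller with a fixed-size stack array, the shape a stack overflow needs.
 * Returns the sample count, or -1 when the input is rejected. */
int count_fill_samples(const char *list)
{
    float samples[MAX_SAMPLES];
    return parse_samples(list, samples, MAX_SAMPLES);
}

int main(void)
{
    /* Constructed inputs: a 4-entry list and a 10-entry list. */
    printf("%d\n", count_fill_samples("1.0, 0.25, 0.5, 0.75"));
    printf("%d\n", count_fill_samples("1,2,3,4,5,6,7,8,9,10"));
    return 0;
}
```

Rejecting the whole value when the count exceeds the array size, rather than truncating silently, also surfaces malformed documents to the caller.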