
Bug 651828 (CVE-2018-1000051, CVE-2018-6544)

Summary: <app-text/mupdf-1.13.0: multiple vulnerabilities
Product: Gentoo Security
Reporter: Ian Zimmerman <nobrowser>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: vdupras
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
See Also: https://github.com/gentoo/gentoo/pull/8984
https://github.com/gentoo/gentoo/pull/9042
Whiteboard: B2 [glsa+ cve]
Package list:
Runtime testing required: ---
Bug Depends on: 658618    
Bug Blocks:    

Description Ian Zimmerman 2018-03-28 15:47:41 UTC
CVE-2018-1000051 

Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appears to be exploitable via Victim opens a specially crafted PDF.

Upstream bug(s):
https://bugs.ghostscript.com/show_bug.cgi?id=698825
https://bugs.ghostscript.com/show_bug.cgi?id=698873

Upstream fix(es):
http://www.ghostscript.com/cgi-bin/findgit.cgi?321ba1de287016b0036bf4a56ce774ad11763384

CVE-2018-6544

pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document.

Upstream bug(s):
https://bugs.ghostscript.com/show_bug.cgi?id=698830
https://bugs.ghostscript.com/show_bug.cgi?id=698965

Upstream fix(es):
http://git.ghostscript.com/?p=mupdf.git;h=26527eef77b3e51c2258c8e40845bfbc015e405d

http://git.ghostscript.com/?p=mupdf.git;h=b03def134988da8c800adac1a38a41a1f09a1d89

Unfortunately mupdf mutates rapidly and the fixes are not easily applicable to the stable version :-(


Reproducible: Always
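
A general guard against the recursive object-stream reference described under CVE-2018-6544, as an added example that is not part of the bug report and is neither MuPDF code nor the upstream fix. The table layout, `load_object`, the error codes and both sample tables are constructed for illustration.

```c
#include <stdio.h>

#define NOBJ 6
#define IN_FILE 0   /* object stored directly in the file body */

/* Constructed toy xref entry: stm is the number of the object stream that
 * holds this object, or IN_FILE. Names are hypothetical, not MuPDF's. */
struct xref_entry {
    int stm;
    int loading;    /* set while this object is being resolved */
    int loaded;
};

enum { LOAD_OK = 0, LOAD_ERR_RANGE = -1, LOAD_ERR_CYCLE = -2 };

/* Resolve object `num`. An object held in an object stream needs that
 * stream loaded first, so a crafted table in which streams contain each
 * other would recurse without bound if the `loading` mark were absent. */
static int load_object(struct xref_entry *x, int n, int num)
{
    int rc = LOAD_OK;
    if (num <= 0 || num >= n)
        return LOAD_ERR_RANGE;
    if (x[num].loaded)
        return LOAD_OK;
    if (x[num].loading)
        return LOAD_ERR_CYCLE;  /* re-entered: reject instead of recursing */
    x[num].loading = 1;
    if (x[num].stm != IN_FILE)
        rc = load_object(x, n, x[num].stm);
    x[num].loading = 0;         /* always clear, including on error paths */
    if (rc == LOAD_OK)
        x[num].loaded = 1;
    return rc;
}

/* Constructed sample tables (index 0 unused). */
static struct xref_entry benign[NOBJ]  = { {0}, {0}, {1}, {1}, {0}, {4} };
static struct xref_entry crafted[NOBJ] = { {0}, {2}, {3}, {1}, {0}, {5} };

int main(void)
{
    for (int i = 1; i < NOBJ; i++)
        printf("obj %d: benign=%d crafted=%d\n", i,
               load_object(benign, NOBJ, i), load_object(crafted, NOBJ, i));
    return 0;
}
```

In the crafted table objects 1, 2 and 3 form a cycle and object 5 names itself as its own stream; each returns `LOAD_ERR_CYCLE` after a bounded number of calls, while object 4 still loads.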
Comment 1 Larry the Git Cow gentoo-dev 2018-07-25 01:33:32 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=856a6ad1fd3dfe1ab67a2976edc3f5dedd694fa3

commit 856a6ad1fd3dfe1ab67a2976edc3f5dedd694fa3
Author:     Jouni Kosonen <jouni.kosonen@tukesoft.com>
AuthorDate: 2018-06-27 07:03:42 +0000
Commit:     Virgil Dupras <vdupras@gentoo.org>
CommitDate: 2018-07-25 01:31:14 +0000

    app-text/mupdf: version bump to 1.13.0
    
    Bug: https://bugs.gentoo.org/646010
    Bug: https://bugs.gentoo.org/651828
    Bug: https://bugs.gentoo.org/658618

 app-text/mupdf/Manifest                            |   1 +
 .../mupdf/files/mupdf-1.13-openssl-curl-x11.patch  |  39 +++++
 app-text/mupdf/mupdf-1.13.0.ebuild                 | 166 +++++++++++++++++++++
 3 files changed, 206 insertions(+)
Comment 2 Virgil Dupras (RETIRED) gentoo-dev 2018-08-18 21:09:40 UTC
Syncing whiteboard status with bug 658618
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2018-11-24 21:58:56 UTC
Added to GLSA.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2018-11-26 18:35:10 UTC
This issue was resolved and addressed in
 GLSA 201811-15 at https://security.gentoo.org/glsa/201811-15
by GLSA coordinator Aaron Bauman (b-man).