
Bug 651828 (CVE-2018-1000051, CVE-2018-6544)

Summary: <app-text/mupdf-1.13.0: multiple vulnerabilities
Product: Gentoo Security
Reporter: Ian Zimmerman <nobrowser>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Severity: normal
CC: vdupras
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
See Also:
Whiteboard: B2 [glsa+ cve]
Package list:
Runtime testing required: ---
Bug Depends on: 658618
Bug Blocks:

Description Ian Zimmerman 2018-03-28 15:47:41 UTC

Artifex MuPDF version 1.12.0 contains a use-after-free vulnerability in fz_keep_key_storable that can result in DoS / possible code execution. This attack appears to be exploitable via a victim opening a specially crafted PDF.

Upstream bug(s):

Upstream fix(es):


pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document.

Upstream bug(s):

Upstream fix(es):;h=26527eef77b3e51c2258c8e40845bfbc015e405d;h=b03def134988da8c800adac1a38a41a1f09a1d89

Unfortunately mupdf mutates rapidly and the fixes are not easily applicable to the stable version :-(

Reproducible: Always
Comment 1 Larry the Git Cow gentoo-dev 2018-07-25 01:33:32 UTC
The bug has been referenced in the following commit(s):

commit 856a6ad1fd3dfe1ab67a2976edc3f5dedd694fa3
Author:     Jouni Kosonen <>
AuthorDate: 2018-06-27 07:03:42 +0000
Commit:     Virgil Dupras <>
CommitDate: 2018-07-25 01:31:14 +0000

    app-text/mupdf: version bump to 1.13.0

 app-text/mupdf/Manifest                            |   1 +
 .../mupdf/files/mupdf-1.13-openssl-curl-x11.patch  |  39 +++++
 app-text/mupdf/mupdf-1.13.0.ebuild                 | 166 +++++++++++++++++++++
 3 files changed, 206 insertions(+)
Comment 2 Virgil Dupras (RETIRED) gentoo-dev 2018-08-18 21:09:40 UTC
Syncing whiteboard status with bug 658618
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2018-11-24 21:58:56 UTC
Added to GLSA.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2018-11-26 18:35:10 UTC
This issue was resolved and addressed in
 GLSA 201811-15 at
by GLSA coordinator Aaron Bauman (b-man).