Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 651828 (CVE-2018-1000051, CVE-2018-6544) - <app-text/mupdf-1.13.0: multiple vulnerabilities
Summary: <app-text/mupdf-1.13.0: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2018-1000051, CVE-2018-6544
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa+ cve]
Keywords:
Depends on: 658618
Blocks:
  Show dependency tree
 
Reported: 2018-03-28 15:47 UTC by Ian Zimmerman
Modified: 2018-11-26 18:35 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ian Zimmerman 2018-03-28 15:47:41 UTC
CVE-2018-1000051 

Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF.

Upstream bug(s):
https://bugs.ghostscript.com/show_bug.cgi?id=698825
https://bugs.ghostscript.com/show_bug.cgi?id=698873

Upstream fix(es):
http://www.ghostscript.com/cgi-bin/findgit.cgi?321ba1de287016b0036bf4a56ce774ad11763384

CVE-2018-6544

pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document.

Upstream bug(s):
https://bugs.ghostscript.com/show_bug.cgi?id=698830
https://bugs.ghostscript.com/show_bug.cgi?id=698965

Upstream fix(es):
http://git.ghostscript.com/?p=mupdf.git;h=26527eef77b3e51c2258c8e40845bfbc015e405d

http://git.ghostscript.com/?p=mupdf.git;h=b03def134988da8c800adac1a38a41a1f09a1d89

Unfortunately mupdf mutates rapidly and the fixes are not easily applicable to the stable version :-(


Reproducible: Always
Comment 1 Larry the Git Cow gentoo-dev 2018-07-25 01:33:32 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=856a6ad1fd3dfe1ab67a2976edc3f5dedd694fa3

commit 856a6ad1fd3dfe1ab67a2976edc3f5dedd694fa3
Author:     Jouni Kosonen <jouni.kosonen@tukesoft.com>
AuthorDate: 2018-06-27 07:03:42 +0000
Commit:     Virgil Dupras <vdupras@gentoo.org>
CommitDate: 2018-07-25 01:31:14 +0000

    app-text/mupdf: version bump to 1.13.0
    
    Bug: https://bugs.gentoo.org/646010
    Bug: https://bugs.gentoo.org/651828
    Bug: https://bugs.gentoo.org/658618

 app-text/mupdf/Manifest                            |   1 +
 .../mupdf/files/mupdf-1.13-openssl-curl-x11.patch  |  39 +++++
 app-text/mupdf/mupdf-1.13.0.ebuild                 | 166 +++++++++++++++++++++
 3 files changed, 206 insertions(+)
Comment 2 Virgil Dupras gentoo-dev 2018-08-18 21:09:40 UTC
Syncing whiteboard status with bug 658618
Comment 3 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-11-24 21:58:56 UTC
Added to GLSA.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2018-11-26 18:35:10 UTC
This issue was resolved and addressed in
 GLSA 201811-15 at https://security.gentoo.org/glsa/201811-15
by GLSA coordinator Aaron Bauman (b-man).