CVE-2018-1000051

Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appears to be exploitable via Victim opens a specially crafted PDF.

Upstream bug(s):
https://bugs.ghostscript.com/show_bug.cgi?id=698825
https://bugs.ghostscript.com/show_bug.cgi?id=698873

Upstream fix(es):
http://www.ghostscript.com/cgi-bin/findgit.cgi?321ba1de287016b0036bf4a56ce774ad11763384

CVE-2018-6544

pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document.

Upstream bug(s):
https://bugs.ghostscript.com/show_bug.cgi?id=698830
https://bugs.ghostscript.com/show_bug.cgi?id=698965

Upstream fix(es):
http://git.ghostscript.com/?p=mupdf.git;h=26527eef77b3e51c2258c8e40845bfbc015e405d
http://git.ghostscript.com/?p=mupdf.git;h=b03def134988da8c800adac1a38a41a1f09a1d89

Unfortunately mupdf mutates rapidly and the fixes are not easily applicable to the stable version :-(

Reproducible: Always

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=856a6ad1fd3dfe1ab67a2976edc3f5dedd694fa3

commit 856a6ad1fd3dfe1ab67a2976edc3f5dedd694fa3
Author:     Jouni Kosonen <jouni.kosonen@tukesoft.com>
AuthorDate: 2018-06-27 07:03:42 +0000
Commit:     Virgil Dupras <vdupras@gentoo.org>
CommitDate: 2018-07-25 01:31:14 +0000

    app-text/mupdf: version bump to 1.13.0

    Bug: https://bugs.gentoo.org/646010
    Bug: https://bugs.gentoo.org/651828
    Bug: https://bugs.gentoo.org/658618

 app-text/mupdf/Manifest                            |   1 +
 .../mupdf/files/mupdf-1.13-openssl-curl-x11.patch  |  39 +++++
 app-text/mupdf/mupdf-1.13.0.ebuild                 | 166 +++++++++++++++++++++
 3 files changed, 206 insertions(+)

Syncing whiteboard status with bug 658618
Added to GLSA.
This issue was resolved and addressed in GLSA 201811-15 at https://security.gentoo.org/glsa/201811-15 by GLSA coordinator Aaron Bauman (b-man).