Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 803305 (CVE-2021-37220) - app-text/mupdf: OOB write (CVE-2021-37220)
Summary: app-text/mupdf: OOB write (CVE-2021-37220)
Alias: CVE-2021-37220
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [ebuild]
Depends on:
Reported: 2021-07-22 01:51 UTC by John Helmert III
Modified: 2021-12-12 08:57 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III gentoo-dev Security 2021-07-22 01:51:31 UTC

MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool draw" input.

Unreleased patch:;h=f5712c9949d026e4b891b25837edd2edc166151f
Comment 1 Sam James archtester gentoo-dev Security 2021-07-22 06:15:09 UTC
Asked upstream about versioning given I don't know if 1.18.1 is a proper release or not. Trying to avoid adding just this patch then ending up stabling something else given it likely has security related fixes in it, in short succession.
Comment 2 NATTkA bot gentoo-dev 2021-07-29 17:20:39 UTC Comment hidden (obsolete)
Comment 3 NATTkA bot gentoo-dev 2021-07-29 17:28:44 UTC Comment hidden (obsolete)
Comment 4 NATTkA bot gentoo-dev 2021-07-29 17:36:41 UTC Comment hidden (obsolete)
Comment 5 NATTkA bot gentoo-dev 2021-07-29 17:44:44 UTC Comment hidden (obsolete)
Comment 6 NATTkA bot gentoo-dev 2021-07-29 17:52:48 UTC Comment hidden (obsolete)
Comment 7 NATTkA bot gentoo-dev 2021-07-29 17:56:43 UTC Comment hidden (obsolete)
Comment 8 NATTkA bot gentoo-dev 2021-07-29 18:00:43 UTC Comment hidden (obsolete)
Comment 9 NATTkA bot gentoo-dev 2021-07-29 18:09:00 UTC
Package list is empty or all packages have requested keywords.