Joined: 12 May 2004
|Posted: Fri Dec 26, 2014 8:26 pm Post subject: [ GLSA 201412-43 ] MuPDF
|Gentoo Linux Security Advisory
Title: MuPDF: User-assisted execution of arbitrary code (GLSA 201412-43)
Date: December 26, 2014
Bug(s): #358029, #498876
Multiple vulnerabilities have been found in MuPDF, possibly
resulting in remote code execution or Denial of Service.
MuPDF is a lightweight PDF viewer and toolkit written in portable C.
Vulnerable: < 1.3_p20140118
Unaffected: >= 1.3_p20140118
Architectures: All supported architectures
Multiple vulnerabilities have been discovered in MuPDF. Please review
the CVE identifier and Secunia Research referenced below for details.
A remote attacker could entice a user to open a specially crafted PDF
using MuPDF, possibly resulting in execution of arbitrary code with the
privileges of the process or a Denial of Service condition.
There is no known workaround at this time.
All MuPDF users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/mupdf-1.3_p20140118"
MuPDF Two Integer Overflow Vulnerabilities
Last edited by GLSA on Thu Jun 18, 2015 4:16 am; edited 1 time in total