CVE-2021-3407

NameCVE-2021-3407
DescriptionA flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-2589-1
NVD severitymedium
Debian Bugs983684

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
mupdf (PTS)stretch1.9a+ds1-4+deb9u4vulnerable
stretch (security)1.9a+ds1-4+deb9u7fixed
buster, buster (security)1.14.0+ds1-4+deb10u2vulnerable
bullseye, sid1.17.0+ds1-1.3fixed
bullseye (security)1.17.0+ds1-1.3~deb11u1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mupdfsourcestretch1.9a+ds1-4+deb9u6DLA-2589-1
mupdfsource(unstable)1.17.0+ds1-1.3983684

Notes

http://git.ghostscript.com/?p=mupdf.git;h=cee7cefc610d42fd383b3c80c12cbc675443176a
https://bugs.ghostscript.com/show_bug.cgi?id=703366 (not public yet)

Search for package or bug name: Reporting problems