Information on source package mupdf

Available versions

ReleaseVersion
jessie (security)1.5-1+deb8u4
stretch1.9a+ds1-4+deb9u3
stretch (security)1.9a+ds1-4+deb9u4
buster1.14.0+ds1-2
sid1.14.0+ds1-2

Open issues

BugjessiestretchbustersidDescription
CVE-2018-6192vulnerable (no DSA)fixedfixedfixedIn Artifex MuPDF 1.12.0, the pdf_read_new_xref function in ...
CVE-2018-6187vulnerable (no DSA)fixedfixedfixedIn Artifex MuPDF 1.12.0, there is a heap-based buffer overflow ...
CVE-2018-5686vulnerable (no DSA)fixedfixedfixedIn MuPDF 1.12.0, there is an infinite loop vulnerability and ...
CVE-2018-19777vulnerable (no DSA, ignored)vulnerablevulnerablevulnerableIn Artifex MuPDF 1.14.0, there is an infinite loop in the function ...
CVE-2018-18662fixedvulnerablevulnerablevulnerableThere is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in ...
CVE-2018-16648vulnerable (no DSA, ignored)vulnerablevulnerablevulnerableIn Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c ...
CVE-2018-16647vulnerable (no DSA, ignored)vulnerablevulnerablevulnerableIn Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in ...
CVE-2018-1000039fixedvulnerablefixedfixedIn MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the ...
CVE-2018-1000038fixedvulnerablefixedfixedIn MuPDF 1.12.0 and earlier, a stack buffer overflow in function ...
CVE-2017-17866vulnerable (no DSA)fixedfixedfixedpdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain ...
CVE-2017-14687vulnerable (no DSA)fixedfixedfixedArtifex MuPDF 1.11 allows attackers to cause a denial of service or ...

Open unimportant issues

BugjessiestretchbustersidDescription
CVE-2018-19882vulnerablevulnerablevulnerablevulnerableIn Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c ...
CVE-2018-19881vulnerablevulnerablevulnerablevulnerableIn Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause ...
CVE-2018-10289fixedvulnerablefixedfixedIn MuPDF 1.13.0, there is an infinite loop in the fz_skip_space ...
CVE-2018-1000036vulnerablevulnerablefixedfixedIn MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser ...
CVE-2017-6060vulnerablevulnerablevulnerablevulnerableStack-based buffer overflow in jstest_main.c in mujstest in Artifex ...
CVE-2016-10247vulnerablevulnerablevulnerablevulnerableBuffer overflow in the my_getline function in jstest_main.c in ...
CVE-2016-10246vulnerablevulnerablevulnerablevulnerableBuffer overflow in the main function in jstest_main.c in Mujstest in ...

Resolved issues

BugDescription
CVE-2018-6544pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could ...
CVE-2018-1000051Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability ...
CVE-2018-1000040In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs ...
CVE-2018-1000037In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF ...
CVE-2017-7264Use-after-free vulnerability in the fz_subsample_pixmap function in ...
CVE-2017-5991An issue was discovered in Artifex Software, Inc. MuPDF before ...
CVE-2017-5896Heap-based buffer overflow in the fz_subsample_pixmap function in ...
CVE-2017-17858Heap-based buffer overflow in the ensure_solid_xref function in ...
CVE-2017-15587An integer overflow was discovered in pdf_read_new_xref_section in ...
CVE-2017-15369The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF ...
CVE-2017-14686Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause ...
CVE-2017-14685Artifex MuPDF 1.11 allows attackers to cause a denial of service or ...
CVE-2016-8728An exploitable heap out of bounds write vulnerability exists in the ...
CVE-2016-8674The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows ...
CVE-2016-6525Heap-based buffer overflow in the pdf_load_mesh_params function in ...
CVE-2016-6265Use-after-free vulnerability in the pdf_load_xref function in ...
CVE-2016-10221The count_entries function in pdf-layer.c in Artifex Software, Inc. ...
CVE-2014-2013Stack-based buffer overflow in the xps_parse_color function in ...

Security announcements

DSA / DLADescription
DSA-4334-1mupdf - security update
DSA-4152-1mupdf - security update
DSA-4152-1mupdf - security update
DSA-4006-2mupdf - security update
DSA-4006-2mupdf - security update
DLA-1164-1mupdf - security update
DSA-4006-1mupdf - security update
DSA-3797-1mupdf - security update
DSA-3655-1mupdf - security update
DLA-589-1mupdf - security update
DSA-2951-1mupdf - security update

Search for package or bug name: Reporting problems