mupdf-1.18.0-1.7 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11068-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z mupdf-1.18.0-1.7 on GA media These are all security issues fixed in the mupdf-1.18.0-1.7 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11068 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2016-10132/ SUSE CVE CVE-2016-10132 page https://www.suse.com/security/cve/CVE-2016-10141/ SUSE CVE CVE-2016-10141 page https://www.suse.com/security/cve/CVE-2016-10221/ SUSE CVE CVE-2016-10221 page https://www.suse.com/security/cve/CVE-2016-8729/ SUSE CVE CVE-2016-8729 page https://www.suse.com/security/cve/CVE-2017-15369/ SUSE CVE CVE-2017-15369 page https://www.suse.com/security/cve/CVE-2017-17858/ SUSE CVE CVE-2017-17858 page https://www.suse.com/security/cve/CVE-2017-5627/ SUSE CVE CVE-2017-5627 page https://www.suse.com/security/cve/CVE-2017-5628/ SUSE CVE CVE-2017-5628 page https://www.suse.com/security/cve/CVE-2017-5896/ SUSE CVE CVE-2017-5896 page https://www.suse.com/security/cve/CVE-2017-7976/ SUSE CVE CVE-2017-7976 page https://www.suse.com/security/cve/CVE-2018-1000051/ SUSE CVE CVE-2018-1000051 page https://www.suse.com/security/cve/CVE-2018-16647/ SUSE CVE CVE-2018-16647 page https://www.suse.com/security/cve/CVE-2018-16648/ SUSE CVE CVE-2018-16648 page https://www.suse.com/security/cve/CVE-2018-18662/ SUSE CVE CVE-2018-18662 page https://www.suse.com/security/cve/CVE-2018-5686/ SUSE CVE CVE-2018-5686 page https://www.suse.com/security/cve/CVE-2018-6187/ SUSE CVE CVE-2018-6187 page https://www.suse.com/security/cve/CVE-2018-6192/ SUSE CVE CVE-2018-6192 page https://www.suse.com/security/cve/CVE-2018-6544/ SUSE CVE CVE-2018-6544 page openSUSE Tumbleweed mupdf-1.18.0-1.7 mupdf-devel-static-1.18.0-1.7 mupdf-1.18.0-1.7 as a component of openSUSE Tumbleweed mupdf-devel-static-1.18.0-1.7 as a component of openSUSE Tumbleweed regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation. CVE-2016-10132 openSUSE Tumbleweed:mupdf-1.18.0-1.7 openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-10132.html CVE-2016-10132 https://bugzilla.suse.com/1019877 SUSE Bug 1019877 An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS before fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045. The attack requires a regular expression with nested repetition. A successful exploitation of this issue can lead to code execution or a denial of service (buffer overflow) condition. CVE-2016-10141 openSUSE Tumbleweed:mupdf-1.18.0-1.7 openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-10141.html CVE-2016-10141 https://bugzilla.suse.com/1019877 SUSE Bug 1019877 The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted PDF document. CVE-2016-10221 openSUSE Tumbleweed:mupdf-1.18.0-1.7 openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-10221.html CVE-2016-10221 https://bugzilla.suse.com/1032140 SUSE Bug 1032140 An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send to the victim to trigger this vulnerability. CVE-2016-8729 openSUSE Tumbleweed:mupdf-1.18.0-1.7 openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-8729.html CVE-2016-8729 https://bugzilla.suse.com/1039850 SUSE Bug 1039850 https://bugzilla.suse.com/1039931 SUSE Bug 1039931 The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document. CVE-2017-15369 openSUSE Tumbleweed:mupdf-1.18.0-1.7 openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15369.html CVE-2017-15369 https://bugzilla.suse.com/1063413 SUSE Bug 1063413 Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted. CVE-2017-17858 openSUSE Tumbleweed:mupdf-1.18.0-1.7 openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-17858.html CVE-2017-17858 https://bugzilla.suse.com/1077161 SUSE Bug 1077161 An issue was discovered in Artifex Software, Inc. MuJS before 4006739a28367c708dea19aeb19b8a1a9326ce08. The jsR_setproperty function in jsrun.c lacks a check for a negative array length. This leads to an integer overflow in the js_pushstring function in jsrun.c when parsing a specially crafted JS file. CVE-2017-5627 openSUSE Tumbleweed:mupdf-1.18.0-1.7 openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5627.html CVE-2017-5627 https://bugzilla.suse.com/1022503 SUSE Bug 1022503 An issue was discovered in Artifex Software, Inc. MuJS before 8f62ea10a0af68e56d5c00720523ebcba13c2e6a. The MakeDay function in jsdate.c does not validate the month, leading to an integer overflow when parsing a specially crafted JS file. CVE-2017-5628 openSUSE Tumbleweed:mupdf-1.18.0-1.7 openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5628.html CVE-2017-5628 https://bugzilla.suse.com/1022504 SUSE Bug 1022504 Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image. CVE-2017-5896 openSUSE Tumbleweed:mupdf-1.18.0-1.7 openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5896.html CVE-2017-5896 https://bugzilla.suse.com/1023761 SUSE Bug 1023761 https://bugzilla.suse.com/1024679 SUSE Bug 1024679 https://bugzilla.suse.com/1031053 SUSE Bug 1031053 Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash) or disclosure of sensitive information from process memory. CVE-2017-7976 openSUSE Tumbleweed:mupdf-1.18.0-1.7 openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7976.html CVE-2017-7976 https://bugzilla.suse.com/1035032 SUSE Bug 1035032 https://bugzilla.suse.com/1052029 SUSE Bug 1052029 Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF. CVE-2018-1000051 openSUSE Tumbleweed:mupdf-1.18.0-1.7 openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-1000051.html CVE-2018-1000051 https://bugzilla.suse.com/1080531 SUSE Bug 1080531 In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file. CVE-2018-16647 openSUSE Tumbleweed:mupdf-1.18.0-1.7 openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16647.html CVE-2018-16647 https://bugzilla.suse.com/1107595 SUSE Bug 1107595 In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow. CVE-2018-16648 openSUSE Tumbleweed:mupdf-1.18.0-1.7 openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16648.html CVE-2018-16648 https://bugzilla.suse.com/1106883 SUSE Bug 1106883 https://bugzilla.suse.com/1107593 SUSE Bug 1107593 There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool. CVE-2018-18662 openSUSE Tumbleweed:mupdf-1.18.0-1.7 openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18662.html CVE-2018-18662 https://bugzilla.suse.com/1113670 SUSE Bug 1113670 In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file. CVE-2018-5686 openSUSE Tumbleweed:mupdf-1.18.0-1.7 openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-5686.html CVE-2018-5686 https://bugzilla.suse.com/1075936 SUSE Bug 1075936 In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file. CVE-2018-6187 openSUSE Tumbleweed:mupdf-1.18.0-1.7 openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6187.html CVE-2018-6187 https://bugzilla.suse.com/1077407 SUSE Bug 1077407 In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file. CVE-2018-6192 openSUSE Tumbleweed:mupdf-1.18.0-1.7 openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6192.html CVE-2018-6192 https://bugzilla.suse.com/1077755 SUSE Bug 1077755 pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document. CVE-2018-6544 openSUSE Tumbleweed:mupdf-1.18.0-1.7 openSUSE Tumbleweed:mupdf-devel-static-1.18.0-1.7 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6544.html CVE-2018-6544 https://bugzilla.suse.com/1079100 SUSE Bug 1079100