ASA-201801-28 generated external raw

[ASA-201801-28] mupdf-gl: arbitrary code execution
Arch Linux Security Advisory ASA-201801-28 ========================================== Severity: High Date : 2018-01-30 CVE-ID : CVE-2017-17858 Package : mupdf-gl Type : arbitrary code execution Remote : No Link : Summary ======= The package mupdf-gl before version 1.12.0-2 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 1.12.0-2. # pacman -Syu "mupdf-gl>=1.12.0-2" The problem has been fixed upstream but no release is available yet. Workaround ========== None. Description =========== Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows an attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted. Impact ====== An attacker is able to execute arbitrary code on the affected host by tricking the user to open or process a maliciously crafted PDF document. References ==========;a=commitdiff;h=55c3f68d638ac1263a386e0aaa004bb6e8bde731