AVG-458

Package libmupdf, mupdf, mupdf-gl, mupdf-tools
Status Fixed
Severity High
Type arbitrary code execution
Affected 1.11-4
Fixed 1.11-5
Current 1.14.0-1 [community]
Ticket None
Created Fri Oct 20 14:18:29 2017
Issue Severity Remote Type Description
CVE-2017-15587 High No Arbitrary code execution
An integer overflow leading to an out-of-bounds wrte has been found in mupdf <= 1.11. The parsing of a crafted PDF might allow an attacker to write...
CVE-2017-14687 High No Arbitrary code execution
Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file. This occurs because of...
CVE-2017-14686 High No Arbitrary code execution
Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file. This occurs because read_zip_dir_imp in...
CVE-2017-14685 High No Arbitrary code execution
Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file. This occurs because...
Date Advisory Package Description
01 Nov 2017 ASA-201711-4 mupdf arbitrary code execution
01 Nov 2017 ASA-201711-3 mupdf-tools arbitrary code execution
01 Nov 2017 ASA-201711-2 libmupdf arbitrary code execution
01 Nov 2017 ASA-201711-1 mupdf-gl arbitrary code execution