AVG-690 log

Package llpp
Status Fixed
Severity High
Type multiple issues
Affected 27-1
Fixed 27-2
Current Removed
Ticket FS#57486
Created Thu May 10 15:07:51 2018
Issue Severity Remote Type Description
CVE-2018-1000051 High No Arbitrary code execution
Artifex Mupdf version 1.12.0 contains a use-after-free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack...
CVE-2018-6544 Medium Yes Denial of service
pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows...
CVE-2018-6192 Medium No Denial of service
In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf- xref.c allows remote attackers to cause a denial of service (segmentation violation and...
CVE-2018-6187 Medium No Denial of service
In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf- write.c file. Remote...
CVE-2018-5686 Medium No Denial of service
In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not...
Date Advisory Package Type
10 May 2018 ASA-201805-8 llpp multiple issues
Notes
Vulnerable due to the statically-linked libmupdf