CVE-2017-14687 log
| Source |
|
| Severity | High |
| Remote | No |
| Type | Arbitrary code execution |
| Description | Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file. This occurs because of mishandling of XML tag name comparisons. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-476 | zathura-pdf-mupdf | 0.3.1-3 | 0.3.1-4 | High | Fixed | |
| AVG-458 | libmupdf, mupdf, mupdf-gl, mupdf-tools | 1.11-4 | 1.11-5 | High | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 01 Nov 2017 | ASA-201711-5 | AVG-476 | zathura-pdf-mupdf | High | arbitrary code execution |
| 01 Nov 2017 | ASA-201711-4 | AVG-458 | mupdf | High | arbitrary code execution |
| 01 Nov 2017 | ASA-201711-3 | AVG-458 | mupdf-tools | High | arbitrary code execution |
| 01 Nov 2017 | ASA-201711-2 | AVG-458 | libmupdf | High | arbitrary code execution |
| 01 Nov 2017 | ASA-201711-1 | AVG-458 | mupdf-gl | High | arbitrary code execution |
| References |
|---|
http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28 https://bugs.ghostscript.com/show_bug.cgi?id=698558 |