CVE-2017-15587 log
| Source |
|
| Severity | High |
| Remote | No |
| Type | Arbitrary code execution |
| Description | An integer overflow leading to an out-of-bounds wrte has been found in mupdf <= 1.11. The parsing of a crafted PDF might allow an attacker to write controlled data to an arbitrary location in memory when performing truncated xref checks. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-476 | zathura-pdf-mupdf | 0.3.1-3 | 0.3.1-4 | High | Fixed | |
| AVG-458 | libmupdf, mupdf, mupdf-gl, mupdf-tools | 1.11-4 | 1.11-5 | High | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 01 Nov 2017 | ASA-201711-5 | AVG-476 | zathura-pdf-mupdf | High | arbitrary code execution |
| 01 Nov 2017 | ASA-201711-4 | AVG-458 | mupdf | High | arbitrary code execution |
| 01 Nov 2017 | ASA-201711-3 | AVG-458 | mupdf-tools | High | arbitrary code execution |
| 01 Nov 2017 | ASA-201711-2 | AVG-458 | libmupdf | High | arbitrary code execution |
| 01 Nov 2017 | ASA-201711-1 | AVG-458 | mupdf-gl | High | arbitrary code execution |
| References |
|---|
https://nandynarwhals.org/CVE-2017-15587/ http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8 |