SB2018120615 - Multiple vulnerabilities in MuPDF
Published: December 6, 2018 Updated: May 12, 2023
Description
This security bulletin contains information about 5 security vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2019-7321)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code.
2) Input validation error (CVE-ID: CVE-2019-6130)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c.
3) Resource management error (CVE-ID: CVE-2019-6131)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool.
4) Resource exhaustion (CVE-ID: CVE-2018-19881)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl.
5) NULL pointer dereference (CVE-ID: CVE-2018-19882)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted svg file, as demonstrated by mupdf-gl.
Remediation
Install the update from the vendor's website.
References
- https://github.com/ereisr00/bagofbugz/tree/master/MuPDF/700560
- http://www.securityfocus.com/bid/106558
- https://bugs.ghostscript.com/show_bug.cgi?id=700446
- https://lists.debian.org/debian-lts-announce/2019/06/msg00027.html
- https://lists.debian.org/debian-lts-announce/2020/07/msg00019.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CNJNEX5EW6YH5OARXXSSXW4HHC5PIBSY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEK2EHVNREJ7XZMFF2MXRWKIF4IBHPNE/
- https://bugs.ghostscript.com/show_bug.cgi?id=700442
- https://bugs.ghostscript.com/show_bug.cgi?id=700342
- https://github.com/TeamSeri0us/pocs/tree/master/mupdf/20181203