Bug 1056699 - (CVE-2014-2013) CVE-2014-2013 mupdf: stack-based buffer overflow in xps_parse_color()
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Red Hat Product Security
Whiteboard: impact=moderate,public=20140120,repor...
Keywords: Security
Depends On: 1056704
Reported: 2014-01-22 13:08 EST by Martin Prpic
Modified: 2015-07-31 03:15 EDT

Doc Type: Bug Fix
Last Closed: 2014-02-06 15:28:07 EST
Attachments: None
Description Martin Prpic 2014-01-22 13:08:04 EST
A stack-based buffer overflow was found [1] in mupdf's xps_parse_color() function. An attacker could create a specially crafted XPS file that, when opened, could cause mupdf or an application using mupdf to crash.

Upstream bug filed at [2], along with an attached reproducer. Bug is fixed upstream via [3].

[1] http://seclists.org/fulldisclosure/2014/Jan/130
[2] http://bugs.ghostscript.com/show_bug.cgi?id=694957
[3] http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=60dabde18d7fe12b19da8b509bdfee9cc886aafc
Comment 1 Martin Prpic 2014-01-22 13:17:20 EST
Created mupdf tracking bugs for this issue:

Affects: fedora-all [bug 1056704]
Comment 2 Fedora Update System 2014-02-05 22:44:30 EST
mupdf-1.1-5.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 3 Fedora Update System 2014-02-05 22:54:51 EST
mupdf-1.1-5.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
