A stack-based buffer overflow was found  in mupdf's xps_parse_color() function. An attacker could create a specially crafted XPS file that, when opened, could cause mupdf or an application using mupdf to crash.
Upstream bug filed at , along with an attached reproducer. Bug is fixed upstream via .
Created mupdf tracking bugs for this issue:
Affects: fedora-all [bug 1056704]
mupdf-1.1-5.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
mupdf-1.1-5.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.