An use-after-free vulnerability was found in mupdf pdf_to_num. A maliciously created file could cause the application to crash. Upstream bugs: http://bugs.ghostscript.com/show_bug.cgi?id=697015 http://bugs.ghostscript.com/show_bug.cgi?id=697019 Upstream patch: http://git.ghostscript.com/?p=mupdf.git;h=1e03c06456d997435019fb3526fa2d4be7dbc6ec References: http://seclists.org/oss-sec/2016/q4/149 https://blogs.gentoo.org/ago/2016/09/22/mupdf-use-after-free-in-pdf_to_num-pdf-object-c/
Created mupdf tracking bugs for this issue: Affects: fedora-all [bug 1363695]