A stack-based buffer overflow was found [1] in mupdf's xps_parse_color() function. An attacker could create a specially crafted XPS file that, when opened, could cause mupdf or an application using mupdf to crash.

Upstream bug filed at [2], along with an attached reproducer. Bug is fixed upstream via [3].

[1] http://seclists.org/fulldisclosure/2014/Jan/130
[2] http://bugs.ghostscript.com/show_bug.cgi?id=694957
[3] http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=60dabde18d7fe12b19da8b509bdfee9cc886aafc
Created mupdf tracking bugs for this issue:

Affects: fedora-all [bug 1056704]
mupdf-1.1-5.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
mupdf-1.1-5.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.