Bug 1452544 (CVE-2016-8728, CVE-2016-8729) - CVE-2016-8728 CVE-2016-8729 mupdf: Multiple vulnerabilities
Summary: CVE-2016-8728 CVE-2016-8729 mupdf: Multiple vulnerabilities
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-8728, CVE-2016-8729
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1452545
Blocks:
Reported: 2017-05-19 07:41 UTC by Andrej Nemec
Modified: 2019-09-29 14:12 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-10-09 16:05:44 UTC
Embargoed:



Description Andrej Nemec 2017-05-19 07:41:50 UTC
Two vulnerabilities in mupdf were published by Talos.

CVE-2016-8729 - Artifex MuPDF JBIG2 Parser Code Execution Vulnerability

An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send it to the victim to trigger this vulnerability.

https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0243

CVE-2016-8728 - MuPDF Fitz library font glyph scaling Code Execution Vulnerability

An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause an out of bounds write resulting in heap metadata and sensitive process memory corruption leading to potential code execution. Victim needs to open the specially crafted file in a vulnerable reader in order to trigger this vulnerability.

https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0242%20
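
The bug class named in the CVE-2016-8729 summary above, a negative number reaching memset, shown as an added example that is not taken from this report, the Talos advisory, or MuPDF's source. The helper names and the 16-byte row are hypothetical; the inputs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Length memset() would actually receive if a signed count were passed
 * straight through: the int is converted to size_t. */
static size_t length_seen_by_memset(int count)
{
    return (size_t)count;
}

/* Hypothetical helper (not MuPDF code): fill `count` bytes of a row buffer
 * starting at `start`; both values are assumed to come from parsed input. */
static int checked_fill(uint8_t *row, size_t row_len, int start, int count,
                        uint8_t value)
{
    if (row == NULL || start < 0 || count < 0)
        return -1;                       /* reject negative values first */
    if ((size_t)start > row_len || (size_t)count > row_len - (size_t)start)
        return -1;                       /* range must fit, no wraparound */
    memset(row + start, value, (size_t)count);
    return 0;
}

/* Runs constructed cases on a 16-byte row; returns how many were rejected. */
static int run_constructed_cases(void)
{
    uint8_t row[16] = {0};
    int rejected = 0;
    rejected += checked_fill(row, sizeof row, 4, 8, 0xff) != 0;   /* valid */
    rejected += checked_fill(row, sizeof row, 4, -1, 0xff) != 0;  /* negative length */
    rejected += checked_fill(row, sizeof row, 12, 8, 0xff) != 0;  /* runs past end */
    rejected += checked_fill(row, sizeof row, -2, 4, 0xff) != 0;  /* negative start */
    rejected += checked_fill(row, sizeof row, 16, 0, 0xff) != 0;  /* valid: empty fill */
    return rejected;
}

int main(void)
{
    printf("memset length for -1: %zu\n", length_seen_by_memset(-1));
    printf("rejected cases: %d of 5\n", run_constructed_cases());
    return 0;
}
```

The negative and out-of-range cases are rejected before memset is called, so the unsigned conversion never reaches the write.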

Comment 1 Andrej Nemec 2017-05-19 07:42:14 UTC
Created mupdf tracking bugs for this issue:

Affects: fedora-all [bug 1452545]

Comment 2 Pavel Zhukov 2017-05-19 07:50:06 UTC
(In reply to Andrej Nemec from comment #0)
> Two vulnerabilities in mupdf were published by Talos.
> 
> CVE-2016-8729 - Artifex MuPDF JBIG2 Parser Code Execution Vulnerability
> 
> An exploitable memory corruption vulnerability exists in the JBIG2 parser of
> Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be
> passed to a memset resulting in memory corruption and potential code
> execution. An attacker can specially craft a PDF and send it to the victim to
> trigger this vulnerability.
> 
> https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0243

Does the security team check if Fedora's versions are affected at all? This is not related. Mupdf doesn't ship openjpeg but uses the one provided by the openjpeg package.

> 
> CVE-2016-8728 - MuPDF Fitz library font glyph scaling Code Execution
> Vulnerability
> 
> An exploitable heap out of bounds write vulnerability exists in the Fitz
> graphical library part of the MuPDF renderer. A specially crafted PDF file
> can cause an out of bounds write resulting in heap metadata and sensitive
> process memory corruption leading to potential code execution. Victim needs
> to open the specially crafted file in a vulnerable reader in order to
> trigger this vulnerability.
> 
> https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0242

404. Can you please provide the correct link?

Comment 3 Andrej Nemec 2017-05-19 08:13:48 UTC
(In reply to Pavel Zhukov from comment #2)
> (In reply to Andrej Nemec from comment #0)
> > Two vulnerabilities in mupdf were published by Talos.
> > 
> > CVE-2016-8729 - Artifex MuPDF JBIG2 Parser Code Execution Vulnerability
> > 
> > An exploitable memory corruption vulnerability exists in the JBIG2 parser of
> > Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be
> > passed to a memset resulting in memory corruption and potential code
> > execution. An attacker can specially craft a PDF and send it to the victim to
> > trigger this vulnerability.
> > 
> > https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0243
> Does the security team check if Fedora's versions are affected at all? This is
> not related. Mupdf doesn't ship openjpeg but uses the one provided by the
> openjpeg package.
> > 

For Fedora I mostly do a check of koji/manifests. I would rather have a bogus flaw such as this than an uncaught vulnerability. But as far as mupdf goes you are a very good maintainer, that's why I was thinking of not filing this at all. If there is anything I can do to improve the process for you let me know.

> > CVE-2016-8728 - MuPDF Fitz library font glyph scaling Code Execution
> > Vulnerability
> > 
> > An exploitable heap out of bounds write vulnerability exists in the Fitz
> > graphical library part of the MuPDF renderer. A specially crafted PDF file
> > can cause an out of bounds write resulting in heap metadata and sensitive
> > process memory corruption leading to potential code execution. Victim needs
> > to open the specially crafted file in a vulnerable reader in order to
> > trigger this vulnerability.
> > 
> > https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0242
> 
> 404. Can you please provide the correct link?

Sorry, it seems that Talos provided a URL with whitespace at the end.

https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0242%20

