Two vulnerabilities in mupdf were published by Talos. CVE-2016-8729 - Artifex MuPDf JBIG2 Parser Code Execution Vulnerability An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send to the victim to trigger this vulnerability. https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0243 CVE-2016-8728 - MuPDF Fitz library font glyph scaling Code Execution Vulnerability An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause a out of bounds write resulting in heap metadata and sensitive process memory corruption leading to potential code execution. Victim needs to open the specially crafted file in a vulnerable reader in order to trigger this vulnerability. https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0242%20
Created mupdf tracking bugs for this issue: Affects: fedora-all [bug 1452545]
(In reply to Andrej Nemec from comment #0) > Two vulnerabilities in mupdf were published by Talos. > > CVE-2016-8729 - Artifex MuPDf JBIG2 Parser Code Execution Vulnerability > > An exploitable memory corruption vulnerability exists in the JBIG2 parser of > Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be > passed to a memset resulting in memory corruption and potential code > execution. An attacker can specially craft a PDF and send to the victim to > trigger this vulnerability. > > https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0243 Does security team check if Fedora's versions are affected at all? This is not related. Mupdf doesn't ship openjpeg but uses one provided by openjpeg package. > > CVE-2016-8728 - MuPDF Fitz library font glyph scaling Code Execution > Vulnerability > > An exploitable heap out of bounds write vulnerability exists in the Fitz > graphical library part of the MuPDF renderer. A specially crafted PDF file > can cause a out of bounds write resulting in heap metadata and sensitive > process memory corruption leading to potential code execution. Victim needs > to open the specially crafted file in a vulnerable reader in order to > trigger this vulnerability. > > https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0242 404. Can you please provide with correct link?
(In reply to Pavel Zhukov from comment #2) > (In reply to Andrej Nemec from comment #0) > > Two vulnerabilities in mupdf were published by Talos. > > > > CVE-2016-8729 - Artifex MuPDf JBIG2 Parser Code Execution Vulnerability > > > > An exploitable memory corruption vulnerability exists in the JBIG2 parser of > > Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be > > passed to a memset resulting in memory corruption and potential code > > execution. An attacker can specially craft a PDF and send to the victim to > > trigger this vulnerability. > > > > https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0243 > Does security team check if Fedora's versions are affected at all? This is > not related. Mupdf doesn't ship openjpeg but uses one provided by openjpeg > package. > > For Fedora I mostly do a check of koji/manifests. I would rather have a bogus flaw such as this than an uncaught vulnerability. But as far as mupdf goes you are a very good maintainer, that's why I was thinking of not filing this at all. If there is anything I can do to improve the process for you let me know. > > CVE-2016-8728 - MuPDF Fitz library font glyph scaling Code Execution > > Vulnerability > > > > An exploitable heap out of bounds write vulnerability exists in the Fitz > > graphical library part of the MuPDF renderer. A specially crafted PDF file > > can cause a out of bounds write resulting in heap metadata and sensitive > > process memory corruption leading to potential code execution. Victim needs > > to open the specially crafted file in a vulnerable reader in order to > > trigger this vulnerability. > > > > https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0242 > > 404. Can you please provide with correct link? Sorry, it seems that Talos provided an URL with a whitespace in the end. https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0242%20