Bug 1500015 (CVE-2017-14685, CVE-2017-14686, CVE-2017-14687) - CVE-2017-14685 CVE-2017-14686 CVE-2017-14687 mupdf: Multiple vulnerabilities
Summary: CVE-2017-14685 CVE-2017-14686 CVE-2017-14687 mupdf: Multiple vulnerabilities
Keywords:
Status: CLOSED UPSTREAM
Alias: CVE-2017-14685, CVE-2017-14686, CVE-2017-14687
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1500016
Blocks:
Reported: 2017-10-09 16:09 UTC by Andrej Nemec
Modified: 2019-09-29 14:23 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-08 03:27:34 UTC
Embargoed:



Description Andrej Nemec 2017-10-09 16:09:08 UTC
Multiple vulnerabilities in mupdf received CVEs. It seems that these were discovered on Windows, so they might not be related to the version as shipped in Fedora, but I would like to ask you to check this out, so that we are on the safe side. Thanks!


CVE-2017-14685

Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xps_load_links_in_glyphs in xps/xps-link.c does not verify that an xps font could be loaded.

https://bugs.ghostscript.com/show_bug.cgi?id=698539
http://git.ghostscript.com/?p=mupdf.git;h=ab1a420613dec93c686acbee2c165274e922f82a

CVE-2017-14686

Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers.

https://bugs.ghostscript.com/show_bug.cgi?id=698540
http://git.ghostscript.com/?p=mupdf.git;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1

CVE-2017-14687

Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name comparisons.

https://bugs.ghostscript.com/show_bug.cgi?id=698558
http://git.ghostscript.com/?p=mupdf.git;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28
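
The CVE-2017-14686 description above attributes the crash to ZIP size fields that are not checked for negative values. The following is an added example, not code from MuPDF or from this bug report: a minimal central directory header check that rejects 32-bit fields which would turn negative in a signed int. The names `parse_cd_entry`, `build_sample` and `struct zip_entry` are hypothetical, and the sample headers are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CDFH_SIG  0x02014b50u  /* central directory file header signature */
#define CDFH_LEN  46           /* fixed part of the header, in bytes */
#define FIELD_MAX 0x7fffffffu  /* largest value that stays non-negative as int32 */

struct zip_entry { int32_t csize, usize, offset; };

static uint32_t le32(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void put32(unsigned char *p, uint32_t v) {
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

/* Build a constructed (not captured) header carrying the given fields. */
void build_sample(unsigned char *buf, uint32_t csize, uint32_t usize, uint32_t offset) {
    memset(buf, 0, CDFH_LEN);
    put32(buf, CDFH_SIG);
    put32(buf + 20, csize);   /* compressed size */
    put32(buf + 24, usize);   /* uncompressed size */
    put32(buf + 42, offset);  /* offset of the local file header */
}

/* Returns 0 if the entry is accepted, or a negative code naming the failed check. */
int parse_cd_entry(const unsigned char *buf, size_t len, size_t archive_len, struct zip_entry *out) {
    if (len < CDFH_LEN) return -1;         /* truncated header */
    if (le32(buf) != CDFH_SIG) return -2;  /* wrong signature */
    uint32_t csize = le32(buf + 20), usize = le32(buf + 24), offset = le32(buf + 42);
    /* A field with the top bit set becomes negative once stored in a signed int. */
    if (csize > FIELD_MAX || usize > FIELD_MAX || offset > FIELD_MAX) return -3;
    /* The entry's data cannot extend past the archive; subtracting avoids overflow. */
    if (offset > archive_len || csize > archive_len - offset) return -4;
    out->csize = (int32_t)csize; out->usize = (int32_t)usize; out->offset = (int32_t)offset;
    return 0;
}

int main(void) {
    unsigned char hdr[CDFH_LEN];
    struct zip_entry e;
    build_sample(hdr, 0xFFFFFFF0u, 64, 0);  /* would read as -16 in an int */
    printf("negative size: %d\n", parse_cd_entry(hdr, sizeof hdr, 4096, &e));
    build_sample(hdr, 32, 64, 100);
    printf("valid entry:   %d\n", parse_cd_entry(hdr, sizeof hdr, 4096, &e));
    return 0;
}
```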

Comment 1 Andrej Nemec 2017-10-09 16:09:36 UTC
Created mupdf tracking bugs for this issue:

Affects: fedora-all [bug 1500016]

Comment 2 Product Security DevOps Team 2019-06-08 03:27:34 UTC
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.

