Hi Kanru, On Sun, Jul 07, 2019 at 04:51:55PM +0900, Kan-Ru Chen wrote: > On Fri, Jul 05, 2019 at 09:19:33PM +0200, Salvatore Bonaccorso wrote: > > Source: mupdf > > Version: 1.14.0+ds1-4 > > Severity: important > > Tags: security upstream > > Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=701118 > > > > Hi, > > > > The following vulnerability was published for mupdf. > > > > CVE-2019-13290[0]: > > | Artifex MuPDF 1.15.0 has a heap-based buffer overflow in > > | fz_append_display_node located at fitz/list-device.c, allowing remote > > | attackers to execute arbitrary code via a crafted PDF file. This > > | occurs with a large BDC property name that overflows the allocated > > | size of a display list node. > > > > I'm not 100% certain, that the issue is not introduced only after the > > current version in unstable, but looking at the code I marked it as > > found in 1.14.0+ds1-4 already, let me know if you think this was > > wrong. Upstream issue it at [1] with fixes [2] and [3]. > > I can't reproduce with 1.14.0+ds1-4. However, I'll need to apply the > patches when I upload 1.15.0+ds1-1, so I'll keep this open.
Right, I was as well not able to directly reproduce the issue, though it might be applicable as well for the 1.14.0 series and older as the code is very similar, might just not be triggered with the poc itself. Thank you for already having looked into it! Regards, Salvatore

