Source: mupdf Version: 1.11+ds1-2 Severity: important Tags: security upstream Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698916
Hi, the following vulnerability was published for mupdf. CVE-2018-6192[0]: | In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in | pdf/pdf-xref.c allows remote attackers to cause a denial of service | (segmentation violation and application crash) via a crafted pdf file. The issue is verifiable with an ASAN build for the unstable version with the poc files attached to the upstream bug. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-6192 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6192 Please adjust the affected versions in the BTS as needed. Regards, Salvatore _______________________________________________ Secure-testing-team mailing list Secure-testing-team@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
