Bug ID | 1019877 |
---|---|
Summary | VUL-0: CVE-2016-10132,CVE-2016-10133,CVE-2016-10141: mupdf: mujs: Multiple security issues |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 42.2 |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Minor |
Priority | P5 - None |
Component | Security |
Assignee | idonmez@suse.com |
Reporter | astieger@suse.com |
QA Contact | qa-bugs@suse.de |
CC | gber@opensuse.org, idonmez@suse.com, security-team@suse.de |
Found By | Security Response Team |
Blocker | --- |

http://seclists.org/oss-sec/2017/q1/76

1. Null pointer dereference in regexp.c

   The return value from malloc is not properly checked before dereferencing it which can result in a crash.

   https://bugs.ghostscript.com/show_bug.cgi?id=697381

   http://git.ghostscript.com/?p=mujs.git;h=fd003eceda531e13fbdd1aeb6e9c73156496e569

   Use CVE-2016-10132 for all of fd003eceda531e13fbdd1aeb6e9c73156496e569.

2. Heap buffer overflow write in jsrun.c: js_stackoverflow()

   There was a logical error in the code which can be used to trigger a heap overflow write.

   https://bugs.ghostscript.com/show_bug.cgi?id=697401

   http://git.ghostscript.com/?p=mujs.git;a=commit;h=77ab465f1c394bb77f00966cd950650f3f53cb24

3. Integer overflow in the regemit function - CVE-2016-10141

   An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS before fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045. The attack requires a regular expression with nested repetition. A successful exploitation of this issue can lead to code execution or a denial of service (buffer overflow) condition.

   Upstream bug: https://bugs.ghostscript.com/show_bug.cgi?id=697448

   Upstream patch: http://git.ghostscript.com/?p=mujs.git;h=fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045

References:

- https://bugzilla.redhat.com/show_bug.cgi?id=1412967
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10141
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10132
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10133
- http://seclists.org/oss-sec/2017/q1/76
- https://bugs.ghostscript.com/show_bug.cgi?id=697448
- http://git.ghostscript.com/?p=mujs.git;h=fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045
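
The class of bug in item 3, shown as an added example that is not MuJS code and not part of the original report: a compiler pass that sizes its output buffer by counting instructions can wrap around on nested repetition, and a checked count with a hard cap rejects the pattern instead. The AST layout, the function names and the `MAX_PROG` value are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified regex AST; not MuJS's real data structures. */
enum kind { N_CHAR, N_CAT, N_REP };
struct node {
    enum kind kind;
    const struct node *x, *y; /* x: body of N_REP; x and y: halves of N_CAT */
    uint32_t max;             /* N_REP: body is unrolled this many times */
};
#define MAX_PROG 32768u       /* constructed cap on compiled program size */

/* Unchecked count: the product wraps modulo 2^32 on nested repetition. */
static uint32_t count_unchecked(const struct node *n) {
    switch (n->kind) {
    case N_CHAR: return 1;
    case N_CAT:  return count_unchecked(n->x) + count_unchecked(n->y);
    case N_REP:  return n->max * (count_unchecked(n->x) + 1);
    }
    return 0;
}

/* Checked count: 0 and *out on success, -1 once the size would pass MAX_PROG. */
static int count_checked(const struct node *n, uint32_t *out) {
    uint32_t a = 0, b = 0;
    switch (n->kind) {
    case N_CHAR: *out = 1; return 0;
    case N_CAT:
        if (count_checked(n->x, &a) || count_checked(n->y, &b)) return -1;
        if (a > MAX_PROG - b) return -1;        /* test before adding */
        *out = a + b; return 0;
    case N_REP:
        if (count_checked(n->x, &a)) return -1;
        a += 1;                                 /* a <= MAX_PROG, cannot wrap */
        if (n->max != 0 && a > MAX_PROG / n->max) return -1; /* test before multiplying */
        *out = a * n->max; return 0;
    }
    return -1;
}

/* Constructed sample trees: a repetition nested inside a repetition, and a small one. */
static const struct node leaf  = { N_CHAR, 0, 0, 0 };
static const struct node inner = { N_REP, &leaf,  0, 65536 };
static const struct node outer = { N_REP, &inner, 0, 65536 };
static const struct node small = { N_REP, &leaf,  0, 3 };

int main(void) {
    uint32_t n = 0;
    printf("unchecked=%u checked=%d small=%d\n", (unsigned)count_unchecked(&outer),
           count_checked(&outer, &n), count_checked(&small, &n));
    return 0;
}
```

The nested tree needs 8590000128 slots, but the unchecked count reports 65536, so a buffer sized from it would be far too small for what the emitter later writes.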