http://bugzilla.suse.com/show_bug.cgi?id=1019877 Bug ID: 1019877 Summary: VUL-0: CVE-2016-10132,CVE-2016-10133,CVE-2016-10141: mupfg: mujs: Multiple security issues Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Security Assignee: idonmez@suse.com Reporter: astieger@suse.com QA Contact: qa-bugs@suse.de CC: gber@opensuse.org, idonmez@suse.com, security-team@suse.de Found By: Security Response Team Blocker: --- http://seclists.org/oss-sec/2017/q1/76 1. Null pointer dereference in regexp.c The return value from malloc is not properly checked before dereferencing it which can result in a crash. https://bugs.ghostscript.com/show_bug.cgi?id=697381 http://git.ghostscript.com/?p=mujs.git;h=fd003eceda531e13fbdd1aeb6e9c7315649... Use CVE-2016-10132 for all of fd003eceda531e13fbdd1aeb6e9c73156496e569. 2. Heap buffer overflow write in jsrun.c: js_stackoverflow() There was a logical error in the code which can be used to trigger a heap overflow write. https://bugs.ghostscript.com/show_bug.cgi?id=697401 http://git.ghostscript.com/?p=mujs.git;a=commit;h=77ab465f1c394bb77f00966cd9... 3. Integer overflow in the regemit function - CVE-2016-10141 An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS before fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045. The attack requires a regular expression with nested repetition. A successful exploitation of this issue can lead to code execution or a denial of service (buffer overflow) condition. Upstream bug: https://bugs.ghostscript.com/show_bug.cgi?id=697448 Upstream patch: http://git.ghostscript.com/?p=mujs.git;h=fa3d30fd18c348bb4b1f3858fb860f4fcd4... References: https://bugzilla.redhat.com/show_bug.cgi?id=1412967 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10141 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10132 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10133 http://seclists.org/oss-sec/2017/q1/76 https://bugs.ghostscript.com/show_bug.cgi?id=697448 http://git.ghostscript.com/?p=mujs.git;h=fa3d30fd18c348bb4b1f3858fb860f4fcd4... -- You are receiving this mail because: You are on the CC list for the bug.