Mailinglist Archive: opensuse-bugs (4284 mails)

[Bug 1039850] New: VUL-0: CVE-2016-8728, CVE-2016-8729: mupdf: Multiple vulnerabilities
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Fri, 19 May 2017 08:10:29 +0000
  • Message-id: <>

Bug ID: 1039850
Summary: VUL-0: CVE-2016-8728, CVE-2016-8729: mupdf: Multiple
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Minor
Priority: P5 - None
Component: Security
Assignee: idonmez@xxxxxxxx
Reporter: abergmann@xxxxxxxx
QA Contact: qa-bugs@xxxxxxx
Found By: Security Response Team
Blocker: ---


Two vulnerabilities in mupdf were published by Talos.

CVE-2016-8729 - Artifex MuPDF JBIG2 Parser Code Execution Vulnerability

An exploitable memory corruption vulnerability exists in the JBIG2 parser of
Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be
passed to a memset resulting in memory corruption and potential code execution.
An attacker can specially craft a PDF and send it to the victim to trigger this

CVE-2016-8728 - MuPDF Fitz library font glyph scaling Code Execution

An exploitable heap out of bounds write vulnerability exists in the Fitz
graphical library part of the MuPDF renderer. A specially crafted PDF file can
cause an out of bounds write resulting in heap metadata and sensitive process
memory corruption leading to potential code execution. The victim needs to open the
specially crafted file in a vulnerable reader in order to trigger this

