Mailinglist Archive: opensuse-bugs (4284 mails)

< Previous Next >
[Bug 1039850] New: VUL-0: CVE-2016-8728, CVE-2016-8729: mupdf: Multiple vulnerabilities
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Fri, 19 May 2017 08:10:29 +0000
  • Message-id: <bug-1039850-21960@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1039850


Bug ID: 1039850
Summary: VUL-0: CVE-2016-8728, CVE-2016-8729: mupdf: Multiple
vulnerabilities
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Minor
Priority: P5 - None
Component: Security
Assignee: idonmez@xxxxxxxx
Reporter: abergmann@xxxxxxxx
QA Contact: qa-bugs@xxxxxxx
Found By: Security Response Team
Blocker: ---

rh#1452544

Two vulnerabilities in mupdf were published by Talos.

CVE-2016-8729 - Artifex MuPDf JBIG2 Parser Code Execution Vulnerability

An exploitable memory corruption vulnerability exists in the JBIG2 parser of
Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be
passed to a memset resulting in memory corruption and potential code execution.
An attacker can specially craft a PDF and send to the victim to trigger this
vulnerability.

https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0243

CVE-2016-8728 - MuPDF Fitz library font glyph scaling Code Execution
Vulnerability

An exploitable heap out of bounds write vulnerability exists in the Fitz
graphical library part of the MuPDF renderer. A specially crafted PDF file can
cause a out of bounds write resulting in heap metadata and sensitive process
memory corruption leading to potential code execution. Victim needs to open the
specially crafted file in a vulnerable reader in order to trigger this
vulnerability.

https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0242

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1452544
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8729
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8728

--
You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >