http://bugzilla.opensuse.org/show_bug.cgi?id=1094633 Bug ID: 1094633 Summary: VUL-0: CVE-2018-1000037: mupdf: multiple reachable assertions in the PDF parser Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other URL: https://smash.suse.de/issue/206397/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: idonmez@suse.com Reporter: kbabioch@suse.com QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- rh#1582314 In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file. References: https://bugzilla.redhat.com/show_bug.cgi?id=1582314 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000037 http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000037.html https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5511 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5503 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5501 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5490 http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=b2e7d38e845c7d4922d05... http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=8a3257b01faa899dd9b5e... http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22... https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5564 -- You are receiving this mail because: You are on the CC list for the bug.