Mailinglist Archive: opensuse-bugs (6499 mails)

[Bug 1140462] New: VUL-0: CVE-2019-13290: mupdf: heap-based buffer overflow in fz_append_display_node allows remote arbitrary code execution via a crafted PDF file
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Fri, 05 Jul 2019 07:29:05 +0000
  • Message-id: <bug-1140462-21960@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1140462


Bug ID: 1140462
Summary: VUL-0: CVE-2019-13290: mupdf: heap-based buffer overflow in fz_append_display_node allows remote arbitrary code execution via a crafted PDF file
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.0
Hardware: Other
URL: https://smash.suse.de/issue/236470/
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: gber@xxxxxxxxxxxx
Reporter: atoptsoglou@xxxxxxxx
QA Contact: security-team@xxxxxxx
Found By: Security Response Team
Blocker: ---

CVE-2019-13290

Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node
located at fitz/list-device.c, allowing remote attackers to execute arbitrary
code via a crafted PDF file. This occurs with a large BDC property name that
overflows the allocated size of a display list node.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13290
http://www.cvedetails.com/cve/CVE-2019-13290/
https://bugs.ghostscript.com/show_bug.cgi?id=701118
http://git.ghostscript.com/?p=mupdf.git;h=ed19bc806809ad10c4ddce515d375581b86ede85
http://git.ghostscript.com/?p=mupdf.git;h=aaf794439e40a2ef544f15b50c20e657414dec7a

--
You are receiving this mail because:
You are on the CC list for the bug.