Vulnerability CVE-2019-14975: Information
Description
Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string.
Severity: HIGH (7.1) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
mupdf | sisyphus | 1.18.0-alt1 | 1.18.0-alt1 | ALT-PU-2020-3475-1 | 263138 | Fixed |
mupdf | p10 | 1.18.0-alt1 | 1.18.0-alt1 | ALT-PU-2020-3475-1 | 263138 | Fixed |
mupdf | p9 | 1.18.0-alt1 | 1.18.0-alt1 | ALT-PU-2020-3484-1 | 263155 | Fixed |
mupdf | c10f1 | 1.18.0-alt1 | 1.18.0-alt1 | ALT-PU-2020-3475-1 | 263138 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://bugs.ghostscript.com/show_bug.cgi?id=701292 |
|
http://git.ghostscript.com/?p=mupdf.git%3Ba=commit%3Bh=97096297d409ec6f206298444ba00719607e8ba8 |