Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

mupdf: CVE-2014-2013: Stack-based Buffer Overflow in xps_parse_color()

Related Vulnerabilities: CVE-2014-2013  

Source

Debian Bug report logs - #738857
mupdf: CVE-2014-2013: Stack-based Buffer Overflow in xps_parse_color()

version graph

Package: mupdf; Maintainer for mupdf is Kan-Ru Chen (陳侃如) <koster@debian.org>; Source for mupdf is src:mupdf (PTS, buildd, popcon).

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Thu, 13 Feb 2014 15:03:01 UTC

Severity: grave

Tags: fixed-upstream, security

Fixed in versions mupdf/1.3-2, mupdf/0.9-2+deb7u1

Done: Kan-Ru Chen (陳侃如) <koster@debian.org>

Bug is archived. No further changes may be made.

Forwarded to http://bugs.ghostscript.com/show_bug.cgi?id=694957

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Kan-Ru Chen (陳侃如) <koster@debian.org>:
Bug#738857; Package mupdf. (Thu, 13 Feb 2014 15:03:05 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Kan-Ru Chen (陳侃如) <koster@debian.org>. (Thu, 13 Feb 2014 15:03:06 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: mupdf: Stack-based Buffer Overflow in xps_parse_color()
Date: Thu, 13 Feb 2014 15:49:59 +0100
Package: mupdf
Severity: grave
Tags: security
Justification: user security hole

Please see http://www.hdwsec.fr/blog/mupdf.html

Can you please contact upstream for a patch and whether this affects Linux builds
of mupdf?

Cheers,
        Moritz

Information forwarded to debian-bugs-dist@lists.debian.org, Kan-Ru Chen (陳侃如) <koster@debian.org>:
Bug#738857; Package mupdf. (Fri, 14 Feb 2014 01:57:08 GMT) (full text, mbox, link).

Acknowledgement sent to mmcallis@redhat.com:
Extra info received and forwarded to list. Copy sent to Kan-Ru Chen (陳侃如) <koster@debian.org>. (Fri, 14 Feb 2014 01:57:08 GMT) (full text, mbox, link).

Message #10 received at 738857@bugs.debian.org (full text, mbox, reply):

From: Murray McAllister <mmcallis@redhat.com>
To: 738857@bugs.debian.org
Subject: mupdf: Stack-based Buffer Overflow in xps_parse_color()
Date: Fri, 14 Feb 2014 12:46:27 +1100
Hello,

I have not tested to see if Linux is affected but I did find the Red Hat 
bug:

https://bugzilla.redhat.com/show_bug.cgi?id=1056699

It links to http://bugs.ghostscript.com/show_bug.cgi?id=694957 and 
http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=60dabde18d7fe12b19da8b509bdfee9cc886aafc

Cheers,

--
Murray McAllister / Red Hat Security Response Team

Information forwarded to debian-bugs-dist@lists.debian.org, Kan-Ru Chen (陳侃如) <koster@debian.org>:
Bug#738857; Package mupdf. (Fri, 14 Feb 2014 01:57:11 GMT) (full text, mbox, link).

Acknowledgement sent to mmcallis@redhat.com:
Extra info received and forwarded to list. Copy sent to Kan-Ru Chen (陳侃如) <koster@debian.org>. (Fri, 14 Feb 2014 01:57:11 GMT) (full text, mbox, link).

Message #15 received at 738857@bugs.debian.org (full text, mbox, reply):

From: Murray McAllister <mmcallis@redhat.com>
To: oss-security@lists.openwall.com
Cc: 738857@bugs.debian.org
Subject: CVE request: MuPDF Stack-based Buffer Overflow in xps_parse_color()
Date: Fri, 14 Feb 2014 12:53:34 +1100
Hello,

A stack-based buffer overflow in MuPDF's xps_parse_color() function was 
reported. Full details in http://www.hdwsec.fr/blog/mupdf.html

Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=694957
Upstream fix: 
http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=60dabde18d7fe12b19da8b509bdfee9cc886aafc
Red Hat bug: https://bugzilla.redhat.com/show_bug.cgi?id=1056699

Thanks,

--
Murray McAllister / Red Hat Security Response Team

Set Bug forwarded-to-address to 'http://bugs.ghostscript.com/show_bug.cgi?id=694957'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 14 Feb 2014 05:39:04 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Kan-Ru Chen (陳侃如) <koster@debian.org>:
Bug#738857; Package mupdf. (Tue, 18 Feb 2014 12:30:04 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Kan-Ru Chen (陳侃如) <koster@debian.org>. (Tue, 18 Feb 2014 12:30:04 GMT) (full text, mbox, link).

Message #22 received at 738857@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 738857@bugs.debian.org
Subject: Re: Bug#738857: mupdf: Stack-based Buffer Overflow in xps_parse_color()
Date: Tue, 18 Feb 2014 13:27:39 +0100
Control: retitle -1 mupdf: CVE-2014-2013: Stack-based Buffer Overflow in xps_parse_color()

Hi,

CVE-2014-2013 was assigned for this issue.

Regards,
Salvatore

Changed Bug title to 'mupdf: CVE-2014-2013: Stack-based Buffer Overflow in xps_parse_color()' from 'mupdf: Stack-based Buffer Overflow in xps_parse_color()' Request was from Salvatore Bonaccorso <carnil@debian.org> to 738857-submit@bugs.debian.org. (Tue, 18 Feb 2014 12:30:04 GMT) (full text, mbox, link).

Added tag(s) fixed-upstream. Request was from Axel Beckert <abe@debian.org> to control@bugs.debian.org. (Fri, 28 Feb 2014 16:39:12 GMT) (full text, mbox, link).

Reply sent to Kan-Ru Chen (陳侃如) <koster@debian.org>:
You have taken responsibility. (Sun, 09 Mar 2014 16:21:30 GMT) (full text, mbox, link).

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Sun, 09 Mar 2014 16:21:30 GMT) (full text, mbox, link).

Message #31 received at 738857-close@bugs.debian.org (full text, mbox, reply):

From: Kan-Ru Chen (陳侃如) <koster@debian.org>
To: 738857-close@bugs.debian.org
Subject: Bug#738857: fixed in mupdf 1.3-2
Date: Sun, 09 Mar 2014 16:19:43 +0000
Source: mupdf
Source-Version: 1.3-2

We believe that the bug you reported is fixed in the latest version of
mupdf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 738857@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kan-Ru Chen (陳侃如) <koster@debian.org> (supplier of updated mupdf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 09 Mar 2014 23:41:55 +0800
Source: mupdf
Binary: libmupdf-dev mupdf mupdf-tools
Architecture: source amd64
Version: 1.3-2
Distribution: unstable
Urgency: medium
Maintainer: Kan-Ru Chen (陳侃如) <koster@debian.org>
Changed-By: Kan-Ru Chen (陳侃如) <koster@debian.org>
Description: 
 libmupdf-dev - development files for the MuPDF viewer
 mupdf      - lightweight PDF viewer
 mupdf-tools - commmand line tools for the MuPDF viewer
Closes: 699684 736125 738857
Changes: 
 mupdf (1.3-2) unstable; urgency=medium
 .
   * Fix CVE-2014-2013: Stack-based Buffer Overflow in
     xps_parse_color(). (Closes: #738857)
   * Add description of key P to mupdf(1). (Closes: #736125)
   * Add description of BROWSER env to mupdf(1). (Closes: #699684)
   * Bump Standards-Version to 3.9.5, no changes needed
Checksums-Sha1: 
 2e6a5bdb671b9710c7ea50fbd73605e1da9f5395 2060 mupdf_1.3-2.dsc
 61514053aaa956ded4a14a8400651518a4068b32 12564 mupdf_1.3-2.debian.tar.xz
 a15f86f9980ddc7242e596dab2ebf999d196a283 3079560 libmupdf-dev_1.3-2_amd64.deb
 0bf60c3a19724a057f857180332a04f8a7312296 2981902 mupdf_1.3-2_amd64.deb
 797a4a2b78ec4f2c1fff6f5fb75ec0f88fbae07d 3057354 mupdf-tools_1.3-2_amd64.deb
Checksums-Sha256: 
 15c9e74124f3656fc9ae6719e757e1aebb23faa6f8d8c3824cbbc7d62d3ec0a0 2060 mupdf_1.3-2.dsc
 16011705809482db22bd53508e4f537842a4daac33d674ff478bfe9a1495fdab 12564 mupdf_1.3-2.debian.tar.xz
 616926bc9a457d19e0f0c2a8b3db30626e0ef8f5f60f5ca2efafc7a6471f7d42 3079560 libmupdf-dev_1.3-2_amd64.deb
 24a8e04f199dd685fb91ded268437269397c965b8e9a15f84b7eee9b0a8e27ca 2981902 mupdf_1.3-2_amd64.deb
 3aea6a59764fb3f805dfe14f16c88168cc1f6beef5553ea9e41fca6d192e2282 3057354 mupdf-tools_1.3-2_amd64.deb
Files: 
 09c7f53244085ea098a72536adca3e9c 2060 text optional mupdf_1.3-2.dsc
 81bfbb71fe903f4f38ca2d3499e5648e 12564 text optional mupdf_1.3-2.debian.tar.xz
 41c3119ee5cfe64084586b8777be2555 3079560 libdevel optional libmupdf-dev_1.3-2_amd64.deb
 389aa9b3fbfa63ff0288dfffb11315f0 2981902 text optional mupdf_1.3-2_amd64.deb
 11842b1a61e31127814823289b2ca00b 3057354 text optional mupdf-tools_1.3-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJTHJESAAoJEAo5NUq25X3hGxwQAKnsyf1lsdGYeNcUyByVlmRK
1jvmA7/BKW/u/TXtQdUQBKKJrl9aTbsy+13gKEAk3VU7WBGA7P0TrtGFeyjllBql
ch8B6Hq2zOmjnfCd5Z6dX/UORABHjvmtGh4atvf8+adARRSAQRjWxdizHSMmuJrE
+t3k8misuwhJokp81wCMNPMYbtQDjhfdw4QvWX26raG/9gMIS6hhryWyNnsmieoh
keUFR51w1tHOgKoNc+h8vbG5zxOTvUbPjCA1FHpaSLufriaI2gRjB4lJCgNTkmZG
FJpwNWd5lS9PKzyjF8C4i//sQUVlOILJLL+P55SidTsReEYD5iDCcalyNN1B460k
20f4nYkVdU8soQQG2xkBgRihHACUM4WgSVXynBCR+TPzhpm4N4YJHtD8DxxjSijM
2zyQqgEjH63Tm/hoYWfcLtyuAbZbXiQTuMDUGqkYF7cTE8cuwbF6EidrJAAZwgd9
7w80m+zViuFk1o9L2dBXZHz1/n18BVFHKhH2UoGaOB4xhJ7lywGoXJClpablmbMS
WulnSJ4CKAnzIUGa6xQ/21OX3iy1wHXc4t4E13L/1Oczg9gv6W6ImJHzPjPew1Cu
2Zrr1aJR8/v8yW/Anu7Ac8Oxitsm4aeC2Q/CFso6Ms2b1Z+QoAZKsQLGDRUFBeDj
ymjVa4UrZTpJ41e5djGP
=7n3i
-----END PGP SIGNATURE-----

Reply sent to Kan-Ru Chen (陳侃如) <koster@debian.org>:
You have taken responsibility. (Sun, 15 Jun 2014 21:42:05 GMT) (full text, mbox, link).

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Sun, 15 Jun 2014 21:42:05 GMT) (full text, mbox, link).

Message #36 received at 738857-close@bugs.debian.org (full text, mbox, reply):

From: Kan-Ru Chen (陳侃如) <koster@debian.org>
To: 738857-close@bugs.debian.org
Subject: Bug#738857: fixed in mupdf 0.9-2+deb7u1
Date: Sun, 15 Jun 2014 21:38:23 +0000
Source: mupdf
Source-Version: 0.9-2+deb7u1

We believe that the bug you reported is fixed in the latest version of
mupdf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 738857@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kan-Ru Chen (陳侃如) <koster@debian.org> (supplier of updated mupdf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 03 Jun 2014 23:59:34 +0800
Source: mupdf
Binary: libmupdf-dev mupdf mupdf-tools
Architecture: source amd64
Version: 0.9-2+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Kan-Ru Chen <koster@debian.org>
Changed-By: Kan-Ru Chen (陳侃如) <koster@debian.org>
Description: 
 libmupdf-dev - development files for the MuPDF viewer
 mupdf      - lightweight PDF viewer
 mupdf-tools - commmand line tools for the MuPDF viewer
Closes: 738857
Changes: 
 mupdf (0.9-2+deb7u1) wheezy-security; urgency=high
 .
   * Backport fix of CVE-2014-2013: Stack-based Buffer Overflow in
     xps_parse_color() from unstable. (Closes: #738857)
Checksums-Sha1: 
 f525c41af74839c7ebe21f613ae49840fd61ce80 2028 mupdf_0.9-2+deb7u1.dsc
 3a3ba42d19e3211199110e7c782263241cdea8a0 3917075 mupdf_0.9.orig.tar.gz
 3618b0089aac810c798acb22a2dba91a9f92d3aa 11042 mupdf_0.9-2+deb7u1.debian.tar.gz
 431f34d203760fb795c029574156f6f97fd670e2 3226332 libmupdf-dev_0.9-2+deb7u1_amd64.deb
 8cee54c0d4a6f06dc6bdf325f555f48948f6d9a4 3149712 mupdf_0.9-2+deb7u1_amd64.deb
 dc494ed99edcce8dc0e7734cc9e88a15c8870588 3426540 mupdf-tools_0.9-2+deb7u1_amd64.deb
Checksums-Sha256: 
 75f17d70355494ab265faa3c5fdb69ff2d4a046c3e8e46f3b8e63934fed523c3 2028 mupdf_0.9-2+deb7u1.dsc
 abed825cb1d73e0e28f0a7ee72b5d7a451ba41d21b0c55837ed2a212f3b16b2d 3917075 mupdf_0.9.orig.tar.gz
 9f620fed53ab4396ca5180fbf35ed64b09cb0c8ca5204adb5681ce91efcf6beb 11042 mupdf_0.9-2+deb7u1.debian.tar.gz
 5a70acd80bc81de40d3f457eaa47a69b826da959108e01d5ad2e2bce4012cdd3 3226332 libmupdf-dev_0.9-2+deb7u1_amd64.deb
 de596200a3db17f28c3a54035be16ae61805fc05b898e133dd77a2c2537d20d4 3149712 mupdf_0.9-2+deb7u1_amd64.deb
 8bc12a79793bdbeb8337229aff7aecf92e7cc2ceebde4d891bfad310ce2bef02 3426540 mupdf-tools_0.9-2+deb7u1_amd64.deb
Files: 
 544961c6667a8e1f54b9dfd6cd13ea4d 2028 text optional mupdf_0.9-2+deb7u1.dsc
 76640ee16a797a27fe49cc0eaa87ce3a 3917075 text optional mupdf_0.9.orig.tar.gz
 65030eb0a067b4af07b592344422f9cb 11042 text optional mupdf_0.9-2+deb7u1.debian.tar.gz
 48f4403198a98e58686bb9a06dd1d095 3226332 libdevel optional libmupdf-dev_0.9-2+deb7u1_amd64.deb
 8d5e7f5ac00bb62d73f5062169105c43 3149712 text optional mupdf_0.9-2+deb7u1_amd64.deb
 0aa04f429a7bd3a25570d9e49d1edf39 3426540 text optional mupdf-tools_0.9-2+deb7u1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJTjnPzAAoJEAo5NUq25X3hftsP/3/QGlhA2tmQqKachUQBi7zh
MwfLKMkMI4DVpFpKfyYwOrBHFIZKKAlgM52ll4Um5hqCKFRwcqOiRiJ0D5nb6ZGZ
osCuvv83sdQBfhnpXynof7D5g2zWVcologwf5J7lrPaJSArogz7uU6E3iXy0sXn5
1xVa+v8O4LAs2fFqzCzWIXnwwXwrb9DxcVFqhjjek6RVtCX07I24JftDc+rQP4Mi
1Rai51tgZqFsfV8QEBBo08YdiWtNVIvhy8bVVKSuV0MhI0cq8jdSAmKBDi3Zdepy
jgNp0ODBDXRspOWsi5O2RUPEVEk7KSBdgCEf/z+G15KoVnfWVWLQnk3PJ+ozFXYK
tzOW4HaWeMYxU1rlTlyDJFVZjiuFNk3vx79jdZI9ZSw7Juc4tTRHH1mNXt9hV+bs
nGWcN3yVuUuw+2ck2BtVuuKOfRxSSwuj5ktnLjMWOef3QPM/eFIYBhbAEL+Md3dR
S7/f9worQrhKt3U0nzrctyfUmtH8mI4w9uEvcZsuyyvFhRQmpkQY4awslW7TUQEC
NuGD4KET1enkJnCzlEQQlCzY6UI+GHsh7QlOHC3TNG7ZzJY6IVIxVYaTEEFjd+/c
OMzG/cUUYyrin9yGGLiW4Bqn7qdiJV1Vnsj3If/9/3aEzJxJ5vCQxQb4PT8OdLvf
KBSFATcf4luJwYHgjheN
=dE/V
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 14 Jul 2014 07:30:48 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:55:19 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started