mupdf: CVE-2018-6187: heap-based buffer overflow in pdf/pdf-write.c:do_pdf_save_document()

Related Vulnerabilities: CVE-2018-6187, CVE-2018-5686, CVE-2018-6192

Debian Bug report logs - #888464

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Thu, 25 Jan 2018 23:21:01 UTC

Severity: important

Tags: security, upstream

Found in version mupdf/1.11+ds1-2

Fixed in version mupdf/1.13.0+ds1-1

Done: Kan-Ru Chen (陳侃如) <koster@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://bugs.ghostscript.com/show_bug.cgi?id=698908



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Kan-Ru Chen (陳侃如) <koster@debian.org>:
Bug#888464; Package src:mupdf. (Thu, 25 Jan 2018 23:21:03 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Kan-Ru Chen (陳侃如) <koster@debian.org>. (Thu, 25 Jan 2018 23:21:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: mupdf: CVE-2018-6187: heap-based buffer overflow in pdf/pdf-write.c:do_pdf_save_document()
Date: Fri, 26 Jan 2018 00:19:35 +0100
Source: mupdf
Version: 1.11+ds1-2
Severity: important
Tags: security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698908

Hi,

the following vulnerability was published for mupdf.

CVE-2018-6187[0]:
| In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow
| vulnerability in the do_pdf_save_document function in the
| pdf/pdf-write.c file. Remote attackers could leverage the vulnerability
| to cause a denial of service via a crafted pdf file.

Reproducible with an ASAN build 

mutool poster ~/CVE-2018-6187.poc

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-6187
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6187
[1] https://bugs.ghostscript.com/show_bug.cgi?id=698908

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
[CVE-2018-6187.poc (application/pdf, attachment)]

Reply sent to Kan-Ru Chen (陳侃如) <koster@debian.org>:
You have taken responsibility. (Mon, 30 Apr 2018 03:09:11 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 30 Apr 2018 03:09:11 GMT).


Message #10 received at 888464-close@bugs.debian.org:

From: Kan-Ru Chen (陳侃如) <koster@debian.org>
To: 888464-close@bugs.debian.org
Subject: Bug#888464: fixed in mupdf 1.13.0+ds1-1
Date: Mon, 30 Apr 2018 03:04:42 +0000
Source: mupdf
Source-Version: 1.13.0+ds1-1

We believe that the bug you reported is fixed in the latest version of
mupdf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 888464@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kan-Ru Chen (陳侃如) <koster@debian.org> (supplier of updated mupdf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 30 Apr 2018 11:17:25 +0900
Source: mupdf
Binary: libmupdf-dev mupdf mupdf-tools
Architecture: source amd64
Version: 1.13.0+ds1-1
Distribution: unstable
Urgency: medium
Maintainer: Kan-Ru Chen (陳侃如) <koster@debian.org>
Changed-By: Kan-Ru Chen (陳侃如) <koster@debian.org>
Description:
 libmupdf-dev - development files for the MuPDF viewer
 mupdf      - lightweight PDF viewer
 mupdf-tools - command line tools for the MuPDF viewer
Closes: 841403 877067 877082 887130 888464 888487 893115 893862
Changes:
 mupdf (1.13.0+ds1-1) unstable; urgency=medium
 .
   * New upstream version 1.13.0+ds1
     - Fixes CVE-2018-5686 (Closes: #887130)
     - Fixes CVE-2018-6187 (Closes: #888464)
     - Fixes CVE-2018-6192 (Closes: #888487)
   * debian/control: Migrate vcs to salsa.debian.org
   * debian/patches: Refresh patches
   * debian/rules: Build with Debian CFLAGS and enable PIC libmupdf.a
     (Closes: #841403)
   * debian/rules: use Debian flavor build options (Closes: #877067)
   * debian/mupdf.sh: Do not read from a file descriptor
     (Closes: #893115, #893862)
   * debian/mupdf.desktop: Fixes and add ePub and XPS to supported mimetype.
     Thanks to Pino Toscano, Hartmut Buhrmester (Closes: #877082)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 02 Jun 2018 07:29:13 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:47:27 2019; Machine Name: buxtehude
