This is a redundant vulnerability that has been reported and fixed in 1.13.0 . http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17858
2018-05-02 3:17 GMT+08:00 Seth Arnold <1767...@bugs.launchpad.net>: > Hi Fy, probably it's quickest if you request the CVE directly from MITRE > using: > > https://cveform.mitre.org/ > > Let us know how it goes. Thanks. > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1767376 > > Title: > Segmentation fault in mupdf&mutool > > Status in mupdf package in Ubuntu: > Incomplete > > Bug description: > Package: mupdf > Version: Bionic (1.12.0+ds1-1) > > Hi, > We found a heap-buffer-overwrite vulnerability in mupdf. > This affects ubuntu Bionic (1.12.0+ds1-1). > > Crash happennd at ensure_solid_xref (pdf-xref.c:211): > 209 for (i =0; i < sub->len; i++) > 210 { > 211 new_sub->table[i+sub->start] = sub->table[i] > 212 } > the variable "sub->start" could be a big number at run time, which > cause this crash. > > We have submit this issue to the developers, testcase can be found > at: > https://bugs.ghostscript.com/show_bug.cgi?id=699225 > > run the sample with command: > mutool draw poc.pdf > or: > mupdf poc.pdf > > We found this vulnerability is not fixed in newly ubuntu 18.04 > > To manage notifications about this bug go to: > https://bugs.launchpad.net/ubuntu/+source/mupdf/+bug/ > 1767376/+subscriptions > ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-17858 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1767376 Title: Segmentation fault in mupdf&mutool To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mupdf/+bug/1767376/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs