oss-sec mailing list archives

Re: mupdf: heap-based buffer overflow in fz_subsample_pixmap


From: <cve-assign () mitre org>
Date: Tue, 7 Feb 2017 01:52:33 -0500

https://bugs.ghostscript.com/show_bug.cgi?id=697515

AddressSanitizer: heap-buffer-overflow
READ of size 1

mupdf-1.10a-source/source/fitz/pixmap.c:1210:12 in fz_subsample_pixmap

As far as we can tell, this buffer over-read issue affects the library
(e.g., libmupdf.a), not exclusively the mutool command-line program.

Use CVE-2017-5896.

-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]