oss-sec mailing list archives
Re: mupdf: heap-based buffer overflow in fz_subsample_pixmap
From: <cve-assign () mitre org>
Date: Tue, 7 Feb 2017 01:52:33 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
https://bugs.ghostscript.com/show_bug.cgi?id=697515 AddressSanitizer: heap-buffer-overflow READ of size 1 mupdf-1.10a-source/source/fitz/pixmap.c:1210:12 in fz_subsample_pixmap
As far as we can tell, this buffer over-read issue affects the library (e.g., libmupdf.a), not exclusively the mutool command-line program. Use CVE-2017-5896. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYmW3+AAoJEHb/MwWLVhi2EuQQAIWqX8aA7zBTSSElX6o9D1hs Cjbeerdb/OMcIp1K1xVY2p1xfphKIqfcJHwxwrBylzACx3Vc4bQhRbUGMe/TUsY+ njOnXPZBocipcYLd8wc/WW0Hb+0y8JlFNDR08G80hRBTttxPMzKeEEXFMaDDuH2x zPINFJMS18Vda+r0h6iyprtsN5A8aLoH4VqRDe0Ksi6QZXQoe6llCvIYd/dHaonR VVJM5sE3wmdHaSi7t+1ALu7dkdjq8T8CyJUf1xiGSuFvUMRmMc73F+HxvXQalJm8 TgJenmdnwjYAali/Z6Q00D662hxLpEUxWOCLgcneHfM3engScCKMHXvRRQhD+N1X FcqAC+Ae4PKh450d0o1qiRBz7YQTLeIk8tH4m/0ljSEyou6kLVYvWky6yZgeJxEi upQ9ff/t4d5XGILwRCCHm1osi/VQZqXGuLEuKUynDgJsd1gaWiGP5t0e587VTIT/ y/c0T230hbcwpNObiWPN6hly1vXSLQKWuvlFMzDhEfSx+7ZxRRIZ1KtCIjyr6PlW zJCXQmj2sFfcOK83JsqD67qnrq9hyNzakkDCrt4Z+t4mk2+O3U40ea6jURzCMZx4 A38zUXHdTlo5i7Qs25wlPBTfZCPBxr22+sXLTRHZ4VrM1HX3ZX1fCQE7veykxxWU n88zzEgrKbo+6ytZ8at0 =//bi -----END PGP SIGNATURE-----
Current thread:
- mupdf: heap-based buffer overflow in fz_subsample_pixmap Agostino Sarubbo (Feb 06)
- Re: mupdf: heap-based buffer overflow in fz_subsample_pixmap cve-assign (Feb 06)
- Re: mupdf: heap-based buffer overflow in fz_subsample_pixmap Agostino Sarubbo (Feb 09)
- Re: mupdf: heap-based buffer overflow in fz_subsample_pixmap cve-assign (Feb 06)