CVE-2018-19881
https://notcve.org/view.php?id=CVE-2018-19881
In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl. En Artifex MuPDF 1.14.0, svg/svg-run.c permite que atacantes remotos provoquen una denegación de servicio (llamadas recursivas seguidas por un cierre inesperado de fz_xml_att en fitz/xml.c debido al consumo excesivo de pila) mediante un archivo svg manipulado, tal y como queda demostrado por mupdf-gl. • https://bugs.ghostscript.com/show_bug.cgi?id=700342 https://github.com/TeamSeri0us/pocs/tree/master/mupdf/20181203 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNJNEX5EW6YH5OARXXSSXW4HHC5PIBSY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SEK2EHVNREJ7XZMFF2MXRWKIF4IBHPNE https://bugs.ghostscript.com/show_bug.cgi?id=700442 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=c8f7e48ff74720a5e984ae19d978a5ab4d5dde5b • CWE-400: Uncontrolled Resource Consumption •
CVE-2018-19882
https://notcve.org/view.php?id=CVE-2018-19882
In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl. En Artifex MuPDF 1.14.0, la función svg_run_image en svg/svg-run.c permite que atacantes remotos provoquen una denegación de servicio (desreferencia de puntero NULL de href_att y cierre inesperado de la aplicación) mediante un archivo svg manipulado, tal y como queda demostrado con mupdf-gl. • https://bugs.ghostscript.com/show_bug.cgi?id=700342 https://github.com/TeamSeri0us/pocs/tree/master/mupdf/20181203 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNJNEX5EW6YH5OARXXSSXW4HHC5PIBSY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SEK2EHVNREJ7XZMFF2MXRWKIF4IBHPNE http://www.ghostscript.com/cgi-bin/findgit.cgi?a7f7d91cdff8d303c11d458fa8b802776f73c8cc • CWE-476: NULL Pointer Dereference •
CVE-2018-19777
https://notcve.org/view.php?id=CVE-2018-19777
In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool. En Artifex MuPDF 1.14.0, hay un bucle infinito en la función svg_dev_end_tile en fitz/svg-device.c, tal y como queda demostrado con mutool. • https://bugs.ghostscript.com/show_bug.cgi?id=700301 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUXKCY35PKC32IFHN4RBUCZ75OWEYVJH http://www.ghostscript.com/cgi-bin/findgit.cgi?754ac68f119e0c25cd33c5d652d8aabd533a9fb3 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2018-18662
https://notcve.org/view.php?id=CVE-2018-18662
There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool. Hay una lectura fuera de límites en fz_run_t3_glyph en fitz/font.c en Artifex MuPDF 1.14.0, tal y como queda demostrado con mutool. • http://www.securityfocus.com/bid/105755 https://bugs.ghostscript.com/show_bug.cgi?id=700043 https://github.com/TeamSeri0us/pocs/tree/master/mupdf https://lists.debian.org/debian-lts-announce/2020/07/msg00019.html https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=164ddc22ee0d5b63a81d5148f44c37dd132a9356 • CWE-125: Out-of-bounds Read •
CVE-2018-16648
https://notcve.org/view.php?id=CVE-2018-16648
In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow. La función fz_append_byte en fitz/buffer.c en Artifex MuPDF 1.13.0 permite que atacantes remotos provoquen una denegación de servicio (fallo de segmentación) mediante un archivo pdf manipulado. Esto se ha provocado por un subdesbordamiento de índice de arrays pdf_dev_alpha en pdf/pdf-device.c. • https://bugs.ghostscript.com/show_bug.cgi?id=699685 https://lists.debian.org/debian-lts-announce/2020/07/msg00019.html https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=38f883fe129a5e89306252a4676eaaf4bc968824 • CWE-129: Improper Validation of Array Index •