Lucene search

Gentoo FoundationGLSA-201706-08

HistoryJun 06, 2017 - 12:00 a.m.

MuPDF: Multiple vulnerabilities

2017-06-0600:00:00

Gentoo Foundation

security.gentoo.org

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.026

Percentile

90.5%

JSON

Background

A lightweight PDF, XPS, and E-book viewer.

Description

Multiple vulnerabilities have been discovered in MuPDF. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user to process a specially crafted PDF document or image using MuPDF, possibly resulting in a Denial of Service condition or have other unspecified impact.

Workaround

There is no known workaround at this time.

Resolution

All MuPDF users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=app-text/mupdf-1.11-r1"

OSVersionArchitecturePackageVersionFilename
Gentooanyallapp-text/mupdf< 1.11-r1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	app-text/mupdf	< 1.11-r1	UNKNOWN

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.026

Percentile

90.5%

JSON

Related for GLSA-201706-08