MuPDF is vulnerable to denial of service (DoS) attacks. The attack can be launched if a malicious file is passed to the my_getline()
function in jstest_main.c
, causing out-of-bounds write.
git.ghostscript.com/?p=mupdf.git;h=446097f97b71ce20fa8d1e45e070f2e62676003e
www.openwall.com/lists/oss-security/2017/03/13/20
www.securityfocus.com/bid/97099
blogs.gentoo.org/ago/2016/09/24/mupdf-mujstest-global-buffer-overflow-in-my_getline-jstest_main-c/
lists.debian.org/debian-lts-announce/2021/09/msg00013.html