DSA-4006-2 mupdf -- mupdfID: oval:org.secpod.oval:def:603169 | Date: (C)2017-12-04 (M)2023-12-20 |
Class: PATCH | Family: unix |
It was discovered that the original patch applied for CVE-2017-15587 in DSA-4006-1 was incomplete. Updated packages are now available to address this problem. For reference, the relevant part of the original advisory text follows. CVE-2017-15587 Terry Chia and Jeremy Heng discovered an integer overflow that can cause arbitrary code execution via a crafted .pdf file.
Platform: |
Debian 8.x |
Debian 9.x |
Product: |
mupdf |
libmupdf-dev |