DSA-4006-1 mupdf -- mupdf
|ID: oval:org.secpod.oval:def:603138||Date: (C)2017-11-09 (M)2017-11-18|
|Class: PATCH||Family: unix|
Multiple vulnerabilities have been found in MuPDF, a PDF file viewer, which may result in denial of service or the execution of arbitrary code. CVE-2017-14685, CVE-2017-14686, and CVE-2017-14687 WangLin discovered that a crafted .xps file can crash MuPDF and potentially execute arbitrary code in several ways, since the application makes unchecked assumptions on the entry format. CVE-2017-15587 Terry Chia and Jeremy Heng discovered an integer overflow that can cause arbitrary code execution via a crafted .pdf file.