DSA-3655-1 mupdf -- mupdfID: oval:org.secpod.oval:def:602598 | Date: (C)2016-08-30 (M)2023-12-20 |
Class: PATCH | Family: unix |
Two vulnerabilities were discovered in MuPDF, a lightweight PDF viewer. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-6265 Marco Grassi discovered a use-after-free vulnerability in MuPDF. An attacker can take advantage of this flaw to cause an application crash , or potentially to execute arbitrary code with the privileges of the user running MuPDF, if a specially crafted PDF file is processed. CVE-2016-6525 Yu Hong and Zheng Jihong discovered a heap overflow vulnerability within the pdf_load_mesh_params function, allowing an attacker to cause an application crash , or potentially to execute arbitrary code with the privileges of the user running MuPDF, if a specially crafted PDF file is processed.