Source: mupdf Version: 1.5-1 Severity: grave Tags: patch security upstream Justification: user security hole Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698605
Hi, the following vulnerability was published for mupdf. CVE-2017-15587[0]: | An integer overflow was discovered in pdf_read_new_xref_section in | pdf/pdf-xref.c in Artifex MuPDF 1.11. base64 encoded reproducer for verifying: JVBERi0wMDAwMDAgMCBvYmo8PC9bXS9JbmRleFsyMTQ3NDgzNjQ3IDFdLyAwIDAgUi8gMC9TaXpl IDAvV1tdPj5zdHJlYW0Nc3RhcnR4cmVmMTAK If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-15587 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15587 [1] https://bugs.ghostscript.com/show_bug.cgi?id=698605 [2] http://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8 [3] https://nandynarwhals.org/CVE-2017-15587/ Regards, Salvatore
