SB2018021427 - Fedora 27 update for mupdf

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Memory corruption (CVE-ID: CVE-2018-6192)

The vulnerability allows a remote attacker to cause DoS condition on the traget system.

The weakness exists the pdf_read_new_xref function in pdf/pdf-xref.c due to segmentation violation. A remote attacker can trick the victim into opening a specially crafted pdf file, trigger memory corruption and cause the service to crash.

2) Improper input validation (CVE-ID: CVE-2018-6544)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in th pdf_load_obj_stm in pdf/pdf-xref.c due to it can reference the object stream recursively and therefore run out of error stack. A remote attacker can submit a specially crafted PDF document cause the service to crash.

3) Use-after-free error (CVE-ID: CVE-2018-1000051)

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists in the fz_keep_key_storable due to use-after-free error. A remote attacker can submit a specially crafted PDF file, trigger memory corruption and cause the service to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

4) Heap-based buffer overflow (CVE-ID: CVE-2018-6187)

The vulnerability allows a remote attacker to cause DoS condition on the traget system.

The weakness exists in the do_pdf_save_document function in the pdf/pdf-write.c file due to heap-based buffer overflow. A remote attacker can trick the victim into opening a specially crafted pdf file, trigger memory corruption and cause the service to crash.

Remediation

Install update from vendor's website.

References

• https://bodhi.fedoraproject.org/updates/FEDORA-2018-da6f76b446