Segmentation fault in mupdf&mutool

Bug #1767376 reported by fy
This bug affects 1 person

Affects: mupdf (Ubuntu)
Status: Incomplete
Importance: Undecided
Assigned to: Unassigned

Bug Description

Package: mupdf
Version: Bionic (1.12.0+ds1-1)

Hi,
    We found a heap-buffer-overwrite vulnerability in mupdf.
    This affects Ubuntu Bionic (1.12.0+ds1-1).

    The crash happened at ensure_solid_xref (pdf-xref.c:211):
        209 for (i = 0; i < sub->len; i++)
        210 {
        211     new_sub->table[i+sub->start] = sub->table[i];
        212 }
    The variable "sub->start" could be a big number at run time, which causes this crash.

    We have submitted this issue to the developers; the testcase can be found at:
      https://bugs.ghostscript.com/show_bug.cgi?id=699225

    Run the sample with the command:
      mutool draw poc.pdf
    or:
      mupdf poc.pdf

    We found this vulnerability is not fixed in the new Ubuntu 18.04.
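
Added example, not part of the original report and not MuPDF's code or its upstream fix: the range check that the copy loop quoted above lacks, shown on a simplified model. The names entry_t, subsec_t, merge_solid and merge_accepts are hypothetical, and the sample subsection is constructed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical, simplified stand-ins for the structures named in the report. */
typedef struct { int gen; long ofs; } entry_t;
typedef struct subsec {
    int start, len;          /* both come from the parsed file */
    entry_t *table;
    struct subsec *next;
} subsec_t;

/* Copy every subsection into one solid table of num entries. Returns NULL
 * when a subsection does not fit, rather than indexing past the allocation
 * as table[i + sub->start] does when sub->start is large. */
entry_t *merge_solid(const subsec_t *subs, int num)
{
    entry_t *table = num > 0 ? calloc((size_t)num, sizeof *table) : NULL;
    if (!table)
        return NULL;
    for (const subsec_t *sub = subs; sub; sub = sub->next) {
        /* Subtraction form: start + len is never computed, so no int overflow. */
        if (sub->start < 0 || sub->len < 0 || sub->start > num ||
            sub->len > num - sub->start) {
            free(table);
            return NULL;
        }
        for (int i = 0; i < sub->len; i++)
            table[i + sub->start] = sub->table[i];
    }
    return table;
}

/* Constructed sample: a 2-entry subsection at `start`; 1 if merged, 0 if rejected. */
int merge_accepts(int start, int num)
{
    entry_t src[2] = { {0, 10}, {0, 20} };
    subsec_t sub = { start, 2, src, NULL };
    entry_t *t = merge_solid(&sub, num);
    int ok = t != NULL && t[start].ofs == 10 && t[start + 1].ofs == 20;
    free(t);
    return ok;
}

int main(void)
{
    printf("start=3: %d, start=7: %d, start=2000000000: %d\n",
           merge_accepts(3, 8), merge_accepts(7, 8), merge_accepts(2000000000, 8));
    return 0;
}
```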

Emily Ratliff (emilyr) wrote :

Thanks for reporting this vulnerability. Are you planning on requesting a CVE id for it?

fy (fyin2018) wrote : [Bug 1767376] Re: Segmentation fault in mupdf&mutool

Yes, it would be great if a CVE id could be assigned. But I am not familiar
with the report procedure. Should I request a CVE id by myself, or leave
this to you?

On Saturday, April 28, 2018, Emily Ratliff <email address hidden> wrote:

> Thanks for reporting this vulnerability. Are you planning on requesting
> a CVE id for it?

Seth Arnold (seth-arnold) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

information type: Private Security → Public Security
Changed in mupdf (Ubuntu):
status: New → Incomplete
Seth Arnold (seth-arnold) wrote :

Hi Fy, probably it's quickest if you request the CVE directly from MITRE using:

https://cveform.mitre.org/

Let us know how it goes. Thanks.

fy (fyin2018) wrote : Re: [Bug 1767376] Re: Segmentation fault in mupdf&mutool

Thanks. I will do this as fast as I can.☺

2018-05-02 3:17 GMT+08:00 Seth Arnold <email address hidden>:

> Hi Fy, probably it's quickest if you request the CVE directly from MITRE
> using:
>
> https://cveform.mitre.org/
>
> Let us know how it goes. Thanks.

fy (fyin2018) wrote :

This is a redundant vulnerability that has been reported and fixed in
1.13.0.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17858

2018-05-02 3:17 GMT+08:00 Seth Arnold <email address hidden>:

> Hi Fy, probably it's quickest if you request the CVE directly from MITRE
> using:
>
> https://cveform.mitre.org/
>
> Let us know how it goes. Thanks.
