Package: mupdf / 0.9-2+deb7u2

Metadata

Package Version Patches format
mupdf 0.9-2+deb7u2 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
CVE 2014 2013.patch | (download)

xps/xps_common.c | 7 6 + 1 - 0 !
xps/xps_glyphs.c | 2 1 + 1 - 0 !
xps/xps_gradient.c | 2 1 + 1 - 0 !
xps/xps_path.c | 2 1 + 1 - 0 !
4 files changed, 9 insertions(+), 4 deletions(-)

 [patch] bug 694957: fix stack buffer overflow in xps_parse_color
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

xps_parse_color happily reads more than FZ_MAX_COLORS values out of a
ContextColor array which overflows the passed in samples array.
Limiting the number of allowed samples to FZ_MAX_COLORS and make sure
to use that constant for all callers fixes the problem.

Thanks to Jean-Jamil Khalifé for reporting and investigating the issue
and providing a sample exploit file.

bug621894.patch | (download)

apps/x11_main.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] selectionnotify isn't a valid event mask.

Fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621894

bug646350.patch | (download)

xps/xps_xml.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---