The buildfilterchain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fzdropimp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "1.12.0+ds1-1", "binary_name": "libmupdf-dev" }, { "binary_version": "1.12.0+ds1-1", "binary_name": "mupdf" }, { "binary_version": "1.12.0+ds1-1", "binary_name": "mupdf-tools" } ] }