pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "binary_name": "libmupdf-dev", "binary_version": "1.12.0+ds1-1" }, { "binary_name": "mupdf", "binary_version": "1.12.0+ds1-1" }, { "binary_name": "mupdf-tools", "binary_version": "1.12.0+ds1-1" } ] }