Re: mupdf vulnerable to CVE-2021-3407

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: mupdf vulnerable to CVE-2021-3407

From:	Kei
Subject:	Re: mupdf vulnerable to CVE-2021-3407
Date:	Thu, 04 Mar 2021 23:55:39 -0500
User-agent:	Evolution 3.34.2

I just patched this in commit 6891f957.  Thanks for the heads up!

On Wed, 2021-03-03 at 21:53 +0100, Léo Le Bouter wrote:
> CVE-2021-3407 24.02.21 00:15
> A flaw was found in mupdf 1.18.0. Double free of object during
> linearization may lead to memory corruption and other potential
> consequences.
> 
> mupdf has made no release yet, so you need to cherry-pick the commit: 
> https://git.ghostscript.com/?p=mupdf.git;a=log;h=cee7cefc610d42fd383b3c80c12cbc675443176a

signature.asc
Description: This is a digitally signed message part

[Prev in Thread]

Current Thread

[Next in Thread]

mupdf vulnerable to CVE-2021-3407, Léo Le Bouter, 2021/03/03
- Re: mupdf vulnerable to CVE-2021-3407, Kei <=

Prev by Date: Re: [Outreachy] Use of impure functional programming and use of vlists
Next by Date: Heads-up from Linus -- potential bisection trainwreck: "A note on the 5.12-rc1 tag"
Previous by thread: mupdf vulnerable to CVE-2021-3407
Next by thread: Re: branch master updated: website: nls: Fix URLs for Chinese translation.
Index(es):
- Date
- Thread