[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: mupdf vulnerable to CVE-2021-3407
From: |
Kei |
Subject: |
Re: mupdf vulnerable to CVE-2021-3407 |
Date: |
Thu, 04 Mar 2021 23:55:39 -0500 |
User-agent: |
Evolution 3.34.2 |
I just patched this in commit 6891f957. Thanks for the heads up!
On Wed, 2021-03-03 at 21:53 +0100, Léo Le Bouter wrote:
> CVE-2021-3407 24.02.21 00:15
> A flaw was found in mupdf 1.18.0. Double free of object during
> linearization may lead to memory corruption and other potential
> consequences.
>
> mupdf has made no release yet, so you need to cherry-pick the commit:
> https://git.ghostscript.com/?p=mupdf.git;a=log;h=cee7cefc610d42fd383b3c80c12cbc675443176a
signature.asc
Description: This is a digitally signed message part