FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mupdf -- Remote System Access

Affected packages
mupdf < 0.8


VuXML ID 53bde960-356b-11e0-8e81-0022190034c0
Discovery 2011-01-26
Entry 2011-02-10

Secunia reports:

The vulnerability is caused due to an error within the "closedctd()" function in fitz/filt_dctd.c when processing PDF files containing certain malformed JPEG images. This can be exploited to cause a stack corruption by e.g. tricking a user into opening a specially crafted PDF file.


Bugtraq ID 46027