Candidate: CVE-2017-14687
PublicDate: 2017-09-22 06:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14687
 http://git.ghostscript.com/?p=mupdf.git;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28
 https://bugs.ghostscript.com/show_bug.cgi?id=698558
Description:
 Artifex MuPDF 1.11 allows attackers to cause a denial of service or
 possibly have unspecified other impact via a crafted .xps file, related to
 "Data from Faulting Address controls Branch Selection starting at
 mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of
 XML tag name comparisons.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_mupdf:
upstream_mupdf: released (1.11+ds1-1.1)
precise/esm_mupdf: DNE
trusty_mupdf: ignored (reached end-of-life)
trusty/esm_mupdf: DNE (trusty was needed)
vivid/ubuntu-core_mupdf: DNE
xenial_mupdf: ignored (end of standard support, was needed)
zesty_mupdf: released (1.9a+ds1-4+deb9u1build0.17.04.1)
artful_mupdf: ignored (reached end-of-life)
bionic_mupdf: not-affected (1.12.0+ds1-1)
cosmic_mupdf: not-affected (1.12.0+ds1-1)
disco_mupdf: not-affected (1.12.0+ds1-1)
eoan_mupdf: not-affected (1.12.0+ds1-1)
focal_mupdf: not-affected (1.12.0+ds1-1)
groovy_mupdf: not-affected (1.12.0+ds1-1)
hirsute_mupdf: not-affected (1.12.0+ds1-1)
impish_mupdf: not-affected (1.12.0+ds1-1)
jammy_mupdf: not-affected (1.12.0+ds1-1)
devel_mupdf: not-affected (1.12.0+ds1-1)