Candidate: CVE-2014-2013
PublicDate: 2014-03-03 16:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2013
 http://www.hdwsec.fr/blog/mupdf.html
 http://bugs.ghostscript.com/show_bug.cgi?id=694957
Description:
 Stack-based buffer overflow in the xps_parse_color function in
 xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to
 execute arbitrary code via a large number of entries in the ContextColor
 value of the Fill attribute in a Path element.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738857
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Tags_mupdf: stack-protector
Patches_mupdf:
 upstream: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=60dabde18d7fe12b19da8b509bdfee9cc886aafc
upstream_mupdf: released (1.3-2)
lucid_mupdf: DNE
precise_mupdf: released (0.9-2+deb7u3ubuntu0.12.04.1)
quantal_mupdf: ignored (reached end-of-life)
saucy_mupdf: ignored (reached end-of-life)
trusty_mupdf: not-affected (1.3-2)
trusty/esm_mupdf: DNE (trusty was not-affected [1.3-2])
utopic_mupdf: ignored (reached end-of-life)
vivid_mupdf: ignored (reached end-of-life)
vivid/stable-phone-overlay_mupdf: DNE
vivid/ubuntu-core_mupdf: DNE
wily_mupdf: ignored (reached end-of-life)
xenial_mupdf: not-affected (1.3-2)
devel_mupdf: not-affected (1.3-2)