Debian LTS Advisory ([SECURITY] [DLA 1838-1] mupdf security update)

The remote host is missing an update for the 'mupdf' package(s) announced via the DSA-1838-1 advisory.

Several minor issues have been fixed in mupdf, a lightweight PDF viewer tailored for display of high quality anti-aliased graphics. CVE-2018-5686 In MuPDF, there was an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF not having been considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted PDF file. CVE-2019-6130 MuPDF had a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This was related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c. CVE-2018-6192 In MuPDF, the pdf_read_new_xref function in pdf/pdf-xref.c allowed remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted PDF file.

'mupdf' package(s) on Debian Linux.

Checks if a vulnerable package version is present on the target host.

For Debian 8 'Jessie', these problems have been fixed in version 1.5-1+deb8u6. We recommend that you upgrade your mupdf packages.