REDHAT-BUG-1385685: Use After Free
A use-after-free vulnerability was found in mupdf pdftonum. A maliciously created file could cause the application to crash.
Upstream bugs:
http://bugs.ghostscript.com/showbug.cgi?id=697015
http://bugs.ghostscript.com/showbug.cgi?id=697019
Upstream patch:
http://git.ghostscript.com/?p=mupdf.git;h=1e03c06456d997435019fb3526fa2d4be7dbc6ec
References:
http://seclists.org/oss-sec/2016/q4/149
https://blogs.gentoo.org/ago/2016/09/22/mupdf-use-after-free-in-pdftonum-pdf-object-c/
Frequently Asked Questions
What is the severity of REDHAT-BUG-1385685?
The severity of REDHAT-BUG-1385685 is considered to be high due to the potential for application crashes from malicious files.
How do I fix REDHAT-BUG-1385685?
To fix REDHAT-BUG-1385685, you should update to the latest version of MuPDF that addresses this vulnerability.
What specific software is affected by REDHAT-BUG-1385685?
REDHAT-BUG-1385685 affects the Ghostscript MuPDF application.
Can REDHAT-BUG-1385685 be exploited remotely?
Yes, REDHAT-BUG-1385685 can be exploited remotely if a user opens a maliciously crafted PDF file.
What is a use-after-free vulnerability in the context of REDHAT-BUG-1385685?
A use-after-free vulnerability like REDHAT-BUG-1385685 occurs when a program continues to use a pointer after the memory it points to has been released, potentially leading to crashes or code execution.