ALT-BU-2025-5551-1
Branch c9f2 update bulletin.
Closed vulnerabilities
BDU:2021-05383
Уязвимость библиотеки libntlm реализации протокола сетевой аутентификации NT LAN Manager (NTLM), позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2019-17455
Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.
- openSUSE-SU-2020:0816
- openSUSE-SU-2020:0816
- openSUSE-SU-2020:0806
- openSUSE-SU-2020:0806
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942145
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942145
- https://gitlab.com/jas/libntlm/issues/2
- https://gitlab.com/jas/libntlm/issues/2
- [debian-lts-announce] 20200510 [SECURITY] [DLA 2207-1] libntlm security update
- [debian-lts-announce] 20200510 [SECURITY] [DLA 2207-1] libntlm security update
- [debian-lts-announce] 20211128 [SECURITY] [DLA 2831-1] libntlm security update
- [debian-lts-announce] 20211128 [SECURITY] [DLA 2831-1] libntlm security update
- FEDORA-2020-8794383d6f
- FEDORA-2020-8794383d6f
- FEDORA-2020-1f643c272c
- FEDORA-2020-1f643c272c
- https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17455.html
- https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17455.html
- https://security-tracker.debian.org/tracker/CVE-2019-17455
- https://security-tracker.debian.org/tracker/CVE-2019-17455
Closed vulnerabilities
Modified: 2024-11-21
CVE-2015-6673
Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32.
- [oss-security] 20150825 Re: CVE request: libgpf: use-after-free vulnerability in Decoder.cpp
- [oss-security] 20150825 Re: CVE request: libgpf: use-after-free vulnerability in Decoder.cpp
- https://bugzilla.redhat.com/show_bug.cgi?id=1251749
- https://bugzilla.redhat.com/show_bug.cgi?id=1251749
- [debian-lts-announce] 20191215 [SECURITY] [DLA 2035-1] libpgf security update
- [debian-lts-announce] 20191215 [SECURITY] [DLA 2035-1] libpgf security update
- https://security-tracker.debian.org/tracker/CVE-2015-6673/
- https://security-tracker.debian.org/tracker/CVE-2015-6673/
- https://sourceforge.net/p/libpgf/code/147/
- https://sourceforge.net/p/libpgf/code/147/
- https://sourceforge.net/p/libpgf/code/148/
- https://sourceforge.net/p/libpgf/code/148/
- https://sourceforge.net/p/libpgf/code/HEAD/tree/trunk/libpgf/INSTALL
- https://sourceforge.net/p/libpgf/code/HEAD/tree/trunk/libpgf/INSTALL
- USN-4554-1
- USN-4554-1
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-3407
A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences.
- http://git.ghostscript.com/?p=mupdf.git%3Bh=cee7cefc610d42fd383b3c80c12cbc675443176a
- http://git.ghostscript.com/?p=mupdf.git%3Bh=cee7cefc610d42fd383b3c80c12cbc675443176a
- https://bugs.ghostscript.com/show_bug.cgi?id=703366
- https://bugs.ghostscript.com/show_bug.cgi?id=703366
- [debian-lts-announce] 20210311 [SECURITY] [DLA 2589-1] mupdf security update
- [debian-lts-announce] 20210311 [SECURITY] [DLA 2589-1] mupdf security update
- FEDORA-2021-d8e6f014e5
- FEDORA-2021-d8e6f014e5
- FEDORA-2021-572bb0f886
- FEDORA-2021-572bb0f886
- FEDORA-2021-baeaa7bccb
- FEDORA-2021-baeaa7bccb
- GLSA-202105-30
- GLSA-202105-30
Modified: 2024-11-21
CVE-2021-37220
MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool draw" input.
- http://git.ghostscript.com/?p=mupdf.git%3Bh=f5712c9949d026e4b891b25837edd2edc166151f
- http://git.ghostscript.com/?p=mupdf.git%3Bh=f5712c9949d026e4b891b25837edd2edc166151f
- https://bugs.ghostscript.com/show_bug.cgi?id=703791
- https://bugs.ghostscript.com/show_bug.cgi?id=703791
- FEDORA-2021-e1d8a99caa
- FEDORA-2021-e1d8a99caa
Modified: 2024-11-21
CVE-2021-4216
A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream.