CVE-2014-2013
mupdf - security update
EPSS 34.5%
Description
Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element.
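The class of bug described above comes down to copying a comma-separated sample list into a fixed-size array without counting entries. The following bounded parser is an added illustration, not MuPDF's source code; the function name, `MAX_SAMPLES`, and the assumed value layout (`ContextColor <profile> s0,s1,...`) are hypothetical choices made for the example.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_SAMPLES 8   /* assumed capacity of the caller's fixed-size array */

/* Parse a Fill value of the assumed form "ContextColor <profile> s0,s1,..."
 * into out[0..cap-1]. Returns the number of samples stored, or -1 when the
 * value is malformed or carries more entries than the array can hold. */
int parse_context_color(const char *value, float *out, int cap)
{
    static const char prefix[] = "ContextColor ";
    const char *p;
    int n = 0;

    if (strncmp(value, prefix, sizeof prefix - 1) != 0)
        return -1;                        /* not a ContextColor value */

    /* Skip the profile reference, which ends at the next space. */
    p = strchr(value + sizeof prefix - 1, ' ');
    if (p == NULL)
        return -1;
    p++;

    for (;;) {
        char *end;
        float v = strtof(p, &end);

        if (end == p)
            return -1;                    /* empty or non-numeric entry */

        /* The bound check: without it, entry number cap+1 would be
         * written past the end of the array. */
        if (n >= cap)
            return -1;
        out[n++] = v;

        if (*end == '\0')
            return n;                     /* clean end of the list */
        if (*end != ',')
            return -1;                    /* unexpected separator */
        p = end + 1;
    }
}
```

Rejecting the whole value, rather than truncating the list, keeps an over-long entry list from being rendered with a partially parsed color.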
How to fix CVE-2014-2013
To remediate CVE-2014-2013, upgrade the affected package to one of the fixed versions listed below.
- Debian/mupdf: upgrade to 1.3-2 or later
- Debian/mupdf: upgrade to 0.9-2+deb7u2 or later
Is CVE-2014-2013 being exploited?
Moderate: EPSS is 34.5%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 1.3-2
- from 0, < 0.9-2+deb7u2