Debian DSA-4152-1 : mupdf - security update
Medium Nessus Plugin ID 108663
SynopsisThe remote Debian host is missing a security-related update.
DescriptionTwo vulnerabilities were discovered in MuPDF, a PDF, XPS, and e-book viewer, which may result in denial of service or remote code execution. An attacker can craft a PDF document which, when opened in the victim host, might consume vast amounts of memory, crash the program, or, in some cases, execute code in the context in which the application is running.
SolutionUpgrade the mupdf packages.
For the oldstable distribution (jessie), these problems have been fixed in version 1.5-1+deb8u4.
For the stable distribution (stretch), these problems have been fixed in version 1.9a+ds1-4+deb9u3.