CVE-2014-2013

EPSS 34.5%

mupdf - security update

Published: 3/3/2014Modified: 4/28/2026

Description

Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element.

Affected packages (2)

Debian/mupdffrom 0, < 1.3-2
Debian/mupdffrom 0, < 0.9-2+deb7u2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-2013