Groups | Search | Server Info | Login | Register

Groups > linux.debian.announce.security > #4784

[SECURITY] [DSA 6218-1] mupdf security update

From Salvatore Bonaccorso <carnil@debian.org>
Newsgroups linux.debian.announce.security
Subject [SECURITY] [DSA 6218-1] mupdf security update
Date 2026-04-18 17:20 +0200
Message-ID <MLfCF-g9S1-1@gated-at.bofh.it> (permalink)
Organization linux.* mail to news gateway

Show all headers | View raw

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6218-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 18, 2026                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mupdf
CVE ID         : CVE-2026-3308
Debian Bug     : 1133189

A heap-based buffer overflow flaw was discovered in MuPDF, a lightweight
PDF viewer, which may result in denial of service or the execution of
arbitrary code if malformed documents are opened.

For the oldstable distribution (bookworm), this problem has been fixed
in version 1.21.1+ds2-1+deb12u1.

For the stable distribution (trixie), this problem has been fixed in
version 1.25.1+ds1-6+deb13u1.

We recommend that you upgrade your mupdf packages.

For the detailed security status of mupdf please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/mupdf

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmnjnrBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QEAg/8DNGqq+HjHgkb/Y9/GKAa7lNQofeeFIRQULsxFbsCN9PTgkS0nKcoZKv1
RLRRRDKZ9xhdkzBH19gr1ztvwXDebAZzZlukrn/CrjRPL5BldgHXtGRkl8WeCAUe
uwg3DC+t5Y6RZMnmCMOuSSMb6O4tiN6AZzIr8ABXFbzU1jSikE013Nz1PmuEBuYx
dBjbNHVYOQiyM6w84HYS82woCNlSVIMRKzYFdvP/AiWWlv75Olmdud+GcJ0UDCPb
G0e6YgIW359JFqExwPNJoTyQe/bvd1pg0uIu3bvOFk5WdqjLQxSHzBOXCI/qZXlT
5P2/PvUrlYzD8Sx+PclXgI8HCuqepurY7Le3eItcKONF+XKN82Xs1fGhIeRmq1Rm
kCnYTBmuZjh+GbyEcykg0sM+oTSkG+ia9KRVIc59+besZQGQF4TMjbAMxcG/T1L1
37CHSZdZllt8CGxZITIfQmDgRp0essYXWTGlHrHgQBe3NoIHZ8T2lFkjI43mQ5LX
OFHmnh9fcsshZn7F9c3AaJGzt2/JTiwXd5j+E+QCYov9HT2aRuxB5NzCGG/LVJxx
0PpS46Mtoq+udLj0XBJi5dTje1WN4JZ3EdkpMfb/jCG3Uy+YY3IrGpasbcH5COJa
bk7EyCSSIhRoXPQaRXH6/cyf4pKFewXUimnliDmdVcgx5kST5Hw=
=SRuA
-----END PGP SIGNATURE-----

Back to linux.debian.announce.security | Previous | Next | Find similar

Thread

[SECURITY] [DSA 6218-1] mupdf security update Salvatore Bonaccorso <carnil@debian.org> - 2026-04-18 17:20 +0200

csiph-web