-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4540-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort April 21, 2026 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : mupdf Version : 1.17.0+ds1-2+deb11u2 CVE ID : CVE-2026-3308 Debian Bug : 1133189 Yarden Porat found a heap-based buffer overwrite in MuPDF, a lightweight PDF viewer, which may result in denial of service or the execution of arbitrary code if malformed documents are opened. For Debian 11 bullseye, this problem has been fixed in version 1.17.0+ds1-2+deb11u2. We recommend that you upgrade your mupdf packages. For the detailed security status of mupdf please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mupdf Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmnnMYwACgkQnUbEiOQ2 gwJk1xAAjHWoRY6qVYAm2cuZG8OmtivNhMJ51PIA0CMWZm+g24j9eeXQSg5Gy/N9 1ud1CNDtpYQkyGVskLzBTZvZAhKD1fCcUF3fK8lrm8sw1cJyVl7vwdoctoS5OlHA 674VtEgMeVqK744Wi1SOVKU8pF7MmZV5Sgv48NdYi1QuT2PKkOwM1hRmPqsGs0La A9ELz9H0s9MbhxzrKexeLt38Ofp1glIbkts5VBOo461IpUd26by+YzyYg6lJOxff awEK+DOZAupk62OTyB4YiKCFMzz8hyWXLRumGdUL74j52vTKaSIqJsObHvQiu2O7 dqvUt57frVae04mevPzNcj2Rp+WdIv8u2eH9rJxdbU2TBfLyc1vCj85zdZ5lNM4H OV5l3avwW0fGbsirX1X5SMn4wmV7+Va1NxH3kEbePzKXQ279shXXHphVe/QxODZi CXWlIS0/h19+ZTgvBqH+I2aGg+m1T/lnpb5GuW1P7l+oQ6nXORw+jCHdcls+Jvcr sq8ZEPHI36YeFR9wrhC8ezOqnBrRGsS6LVoDSZr+DapJf19FPu3Lw1H1rgI8w+4s pxXIe7MxlNMvjcQVzpPMUhKmBF77O5/WEOSLyJTI6+d6BhuLj0y0Xf9bPZS1PFxD DkAMtnm2TaEDC2G5hAzpUus0k5aKsVuew49fyXVpgaVMFNWrd2M= =2vuJ -----END PGP SIGNATURE-----
