I just patched this in commit 6891f957. Thanks for the heads up! On Wed, 2021-03-03 at 21:53 +0100, Léo Le Bouter wrote: > CVE-2021-3407 24.02.21 00:15 > A flaw was found in mupdf 1.18.0. Double free of object during > linearization may lead to memory corruption and other potential > consequences. > > mupdf has made no release yet, so you need to cherry-pick the commit: > https://git.ghostscript.com/?p=mupdf.git;a=log;h=cee7cefc610d42fd383b3c80c12cbc675443176a
signature.asc
Description: This is a digitally signed message part
