Is SumatraPDF vulnerable to MuPDF CVE (Linux OS)?


#1

Hi,
I really like Sumatra, but I’ve been increasingly worried about its security as there haven’t been any updates to its dependencies for some time. E.g. MuPDF recently fixed a possible RCE (CVE-2018-1000039) but Sumatra still uses a pretty old version of MuPDF (4 year old 1.6 used when 1.14 is newest).
Sorry for complaining, I know this is an open source project and rather a hobby than a job, but I really like the software and can’t use it because of this. I also don’t know enough about programming myself to help out. :frowning:
I hope you can find the time to update and release a new version. All the best!


#2

As stated before unless these Linux colour exploits are reported as affecting the modified Windows Mupdf lib there is little point worrying unless your using Wine. It goes without saying if you will download suspicious files eventually one will bite you whatever browser or file format is used to entice you.