rpm package
opensuse/mupdf&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/mupdf&distro=openSUSE%20Tumbleweed
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-25556 | — | < 1.27.1-1.1 | 1.27.1-1.1 | Feb 6, 2026 | MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap in its error handling path | ||
| CVE-2025-55780 | — | < 1.27.1-1.1 | 1.27.1-1.1 | Sep 23, 2025 | A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow() to split a FLOW_WORD node, but does not check if node->next is valid before accessing n | ||
| CVE-2023-31794 | — | < 1.23.4-2.1 | 1.23.4-2.1 | Oct 31, 2023 | MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | ||
| CVE-2021-4216 | — | < 1.20.3-2.1 | 1.20.3-2.1 | Aug 26, 2022 | A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream. | ||
| CVE-2018-25032 | — | < 1.19.1-1.1 | 1.19.1-1.1 | Mar 25, 2022 | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. | ||
| CVE-2018-18662 | — | < 1.18.0-1.7 | 1.18.0-1.7 | Oct 26, 2018 | There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool. | ||
| CVE-2018-16648 | Med | 5.5 | < 1.18.0-1.7 | 1.18.0-1.7 | Sep 6, 2018 | In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow. | |
| CVE-2018-16647 | Med | 5.5 | < 1.18.0-1.7 | 1.18.0-1.7 | Sep 6, 2018 | In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file. | |
| CVE-2016-8729 | Hig | 7.8 | < 1.18.0-1.7 | 1.18.0-1.7 | Apr 24, 2018 | An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send | |
| CVE-2018-1000051 | Hig | 7.8 | < 1.18.0-1.7 | 1.18.0-1.7 | Feb 9, 2018 | Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF. | |
| CVE-2018-6544 | Med | 5.5 | < 1.18.0-1.7 | 1.18.0-1.7 | Feb 2, 2018 | pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document. | |
| CVE-2018-6192 | Med | 5.5 | < 1.18.0-1.7 | 1.18.0-1.7 | Jan 24, 2018 | In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file. | |
| CVE-2018-6187 | Med | 5.5 | < 1.18.0-1.7 | 1.18.0-1.7 | Jan 24, 2018 | In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file. | |
| CVE-2017-17858 | Hig | 7.8 | < 1.18.0-1.7 | 1.18.0-1.7 | Jan 22, 2018 | Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted. | |
| CVE-2018-5686 | Med | 5.5 | < 1.18.0-1.7 | 1.18.0-1.7 | Jan 14, 2018 | In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file. | |
| CVE-2017-15369 | Hig | 7.8 | < 1.18.0-1.7 | 1.18.0-1.7 | Oct 16, 2017 | The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possib | |
| CVE-2017-7976 | Hig | 7.1 | < 1.18.0-1.7 | 1.18.0-1.7 | Apr 19, 2017 | Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash) or disclosure of sensitive information from | |
| CVE-2016-10221 | Med | 4.3 | < 1.18.0-1.7 | 1.18.0-1.7 | Apr 3, 2017 | The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted PDF document. | |
| CVE-2016-10132 | Hig | 7.5 | < 1.18.0-1.7 | 1.18.0-1.7 | Mar 24, 2017 | regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation. | |
| CVE-2017-5896 | Med | 5.5 | < 1.18.0-1.7 | 1.18.0-1.7 | Feb 15, 2017 | Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image. |
- CVE-2026-25556Feb 6, 2026affected < 1.27.1-1.1fixed 1.27.1-1.1
MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap in its error handling path
- CVE-2025-55780Sep 23, 2025affected < 1.27.1-1.1fixed 1.27.1-1.1
A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow() to split a FLOW_WORD node, but does not check if node->next is valid before accessing n
- CVE-2023-31794Oct 31, 2023affected < 1.23.4-2.1fixed 1.23.4-2.1
MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
- CVE-2021-4216Aug 26, 2022affected < 1.20.3-2.1fixed 1.20.3-2.1
A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream.
- CVE-2018-25032Mar 25, 2022affected < 1.19.1-1.1fixed 1.19.1-1.1
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
- CVE-2018-18662Oct 26, 2018affected < 1.18.0-1.7fixed 1.18.0-1.7
There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool.
- affected < 1.18.0-1.7fixed 1.18.0-1.7
In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow.
- affected < 1.18.0-1.7fixed 1.18.0-1.7
In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file.
- affected < 1.18.0-1.7fixed 1.18.0-1.7
An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send
- affected < 1.18.0-1.7fixed 1.18.0-1.7
Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF.
- affected < 1.18.0-1.7fixed 1.18.0-1.7
pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document.
- affected < 1.18.0-1.7fixed 1.18.0-1.7
In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file.
- affected < 1.18.0-1.7fixed 1.18.0-1.7
In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file.
- affected < 1.18.0-1.7fixed 1.18.0-1.7
Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted.
- affected < 1.18.0-1.7fixed 1.18.0-1.7
In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.
- affected < 1.18.0-1.7fixed 1.18.0-1.7
The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possib
- affected < 1.18.0-1.7fixed 1.18.0-1.7
Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash) or disclosure of sensitive information from
- affected < 1.18.0-1.7fixed 1.18.0-1.7
The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted PDF document.
- affected < 1.18.0-1.7fixed 1.18.0-1.7
regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation.
- affected < 1.18.0-1.7fixed 1.18.0-1.7
Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image.
Page 1 of 2