VYPR

MuPDF

by MuPDF

CVEs (8)

  • CVE-2016-6525CriSep 22, 2016
    risk 0.64cvss 9.8epss 0.04

    Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array.

  • CVE-2016-8728HigApr 24, 2018
    risk 0.51cvss 7.8epss 0.02

    An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause a out of bounds write resulting in heap metadata and sensitive process memory corruption leading to potential code…

  • CVE-2018-10289MedApr 22, 2018
    risk 0.36cvss 5.5epss 0.01

    In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file.

  • CVE-2018-5686MedJan 14, 2018
    risk 0.36cvss 5.5epss 0.01

    In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.

  • CVE-2016-8674MedFeb 15, 2017
    risk 0.36cvss 5.5epss 0.01

    The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file.

  • CVE-2017-5896MedFeb 15, 2017
    risk 0.36cvss 5.5epss 0.02

    Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image.

  • CVE-2016-6265MedSep 22, 2016
    risk 0.36cvss 5.5epss 0.02

    Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

  • CVE-2009-4117Dec 1, 2009
    risk 0.04cvss epss 0.08

    Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before commit 20091125231942, as used in SumatraPDF before 1.0.1, allow remote attackers to cause a denial of service and possibly execute arbitrary code via a /Decode array for certain types of shading that are not…