MuPDF
Products
2- 16 CVEs
- 10 CVEs
Recent CVEs
23| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6525 | Cri | 0.64 | 9.8 | 0.04 | Sep 22, 2016 | Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array. | ||
| CVE-2018-1000038 | Hig | 0.51 | 7.8 | 0.02 | May 24, 2018 | In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file. | ||
| CVE-2016-8728 | Hig | 0.51 | 7.8 | 0.02 | Apr 24, 2018 | An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause a out of bounds write resulting in heap metadata and sensitive process memory corruption leading to potential code… | ||
| CVE-2017-17866 | Hig | 0.51 | 7.8 | 0.02 | Dec 27, 2017 | pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact… | ||
| CVE-2023-51106 | Hig | 0.49 | 7.5 | 0.01 | Dec 26, 2023 | A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c when fz_colorspace_n returns zero. | ||
| CVE-2018-1000039 | Med | 0.41 | 6.3 | 0.02 | May 24, 2018 | In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file. | ||
| CVE-2023-31794 | Med | 0.36 | 5.5 | 0.00 | Oct 31, 2023 | MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | ||
| CVE-2019-6131 | Med | 0.36 | 5.5 | 0.02 | Jan 11, 2019 | svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool. | ||
| CVE-2019-6130 | Med | 0.36 | 5.5 | 0.02 | Jan 11, 2019 | Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c. | ||
| CVE-2018-19882 | Med | 0.36 | 5.5 | 0.01 | Dec 6, 2018 | In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl. | ||
| CVE-2018-19881 | Med | 0.36 | 5.5 | 0.02 | Dec 6, 2018 | In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl. | ||
| CVE-2018-19777 | Med | 0.36 | 5.5 | 0.01 | Nov 30, 2018 | In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool. | ||
| CVE-2018-18662 | Med | 0.36 | 5.5 | 0.02 | Oct 26, 2018 | There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool. | ||
| CVE-2018-1000040 | Med | 0.36 | 5.5 | 0.01 | May 24, 2018 | In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file. | ||
| CVE-2018-1000037 | Med | 0.36 | 5.5 | 0.02 | May 24, 2018 | In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file. | ||
| CVE-2018-1000036 | Med | 0.36 | 5.5 | 0.01 | May 24, 2018 | In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file. | ||
| CVE-2018-10289 | Med | 0.36 | 5.5 | 0.01 | Apr 22, 2018 | In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file. | ||
| CVE-2018-5686 | Med | 0.36 | 5.5 | 0.01 | Jan 14, 2018 | In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file. | ||
| CVE-2016-8674 | Med | 0.36 | 5.5 | 0.01 | Feb 15, 2017 | The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file. | ||
| CVE-2017-5896 | Med | 0.36 | 5.5 | 0.02 | Feb 15, 2017 | Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image. |
- risk 0.64cvss 9.8epss 0.04
Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array.
- risk 0.51cvss 7.8epss 0.02
In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file.
- risk 0.51cvss 7.8epss 0.02
An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause a out of bounds write resulting in heap metadata and sensitive process memory corruption leading to potential code…
- risk 0.51cvss 7.8epss 0.02
pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact…
- risk 0.49cvss 7.5epss 0.01
A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c when fz_colorspace_n returns zero.
- risk 0.41cvss 6.3epss 0.02
In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.
- risk 0.36cvss 5.5epss 0.00
MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
- risk 0.36cvss 5.5epss 0.02
svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool.
- risk 0.36cvss 5.5epss 0.02
Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c.
- risk 0.36cvss 5.5epss 0.01
In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl.
- risk 0.36cvss 5.5epss 0.02
In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl.
- risk 0.36cvss 5.5epss 0.01
In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool.
- risk 0.36cvss 5.5epss 0.02
There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool.
- risk 0.36cvss 5.5epss 0.01
In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.
- risk 0.36cvss 5.5epss 0.02
In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file.
- risk 0.36cvss 5.5epss 0.01
In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.
- risk 0.36cvss 5.5epss 0.01
In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file.
- risk 0.36cvss 5.5epss 0.01
In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.
- risk 0.36cvss 5.5epss 0.01
The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file.
- risk 0.36cvss 5.5epss 0.02
Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image.