1350 matches found
OPENSUSE-SU-2026:21180-1 Security update for mupdf
This update for mupdf fixes the following issues: Changes in mupdf: - Build and ship MuPDF as a shared library make shared=yes instead of static-only: New subpackage libmupdf272 carries libmupdf.so.27.2 the SONAME tracks the upstream minor.patch version. Replaced the static-only mupdf-devel-stati...
Astra Linux – Vulnerability in mupdf
A integer overflow vulnerability exists in the 'pdf-image.c' file in Artifex’s MuPDF version 1.27.0. This vulnerability allows an attacker to create a PDF that can trigger an integer overflow within the 'pdfloadimageimp' function. This enables a heap out-of-bounds write, which could be exploited...
Linux Distros Unpatched Vulnerability : CVE-2025-71382
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of...
CVE-2025-71382
MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by supplying a maliciously crafted EPUB file with deeply nested HTML elements and inline CSS styles. The function...
UBUNTU-CVE-2025-71382
MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by supplying a maliciously crafted EPUB file with deeply nested HTML elements and inline CSS styles. The function...
CVE-2025-71382 MuPDF < 1.27.0-rc1 Stack Exhaustion DoS via EPUB CSS Rendering
MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by supplying a maliciously crafted EPUB file with deeply nested HTML elements and inline CSS styles. The function...
EUVD-2025-210322
MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by supplying a maliciously crafted EPUB file with deeply nested HTML elements and inline CSS styles. The function...
CVE-2025-71382
MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by supplying a maliciously crafted EPUB file with deeply nested HTML elements and inline CSS styles. The function...
CVE-2025-71382
MuPDF prior to 1.27.0-rc1 is affected by an uncontrolled recursion in the EPUB CSS rendering engine. The function value_from_inheritable_property() in css-apply.c recurses through the CSS property inheritance chain without a depth limit, enabling remote attackers to trigger a denial of service by...
PT-2026-51571
Name of the Vulnerable Software and Affected Versions MuPDF versions prior to 1.27.0-rc1 Description The EPUB CSS rendering engine contains an uncontrolled recursion issue. A remote attacker can trigger a denial of service by providing a specially crafted EPUB file featuring inline CSS styles and...
Advisory ROSA-SA-2026-3304
Software: mupdf 1.26.10 Operating System: ROSA-CHROME Unaffected versions: = mupdf-1.26.10-2 Affected versions: mupdf-1.26.10-2 CVE-ID: CVE-2026-25556 BDU-ID: None CVE-Crit: HIGH CVE-DESCRIPTION: A vulnerability related to double-freeing memory exists in MuPDF versions from 1.23.0 to 1.27.0. This...
SUSE CVE-2026-7233
A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fzsubsetcffforgids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly...
Linux Distros Unpatched Vulnerability : CVE-2026-7233
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fzsubsetcffforgids of the file subset-cff.c of the component...
CVE-2026-7233
A flaw was found in Artifex MuPDF, specifically within its CFF Index Handler component. A local user could exploit an out-of-bounds read vulnerability in the fzsubsetcffforgids function. This could allow an attacker to read sensitive information from memory, potentially leading to information...
CVE-2026-7233
A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fzsubsetcffforgids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly...
CVE-2026-7233
A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fzsubsetcffforgids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly...
UBUNTU-CVE-2026-7233
A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fzsubsetcffforgids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly...
CVE-2026-7233
Technical details about CVE-2026-7233 are not publicly available in the provided documents; monitor for updates.
EUVD-2026-26000
A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fzsubsetcffforgids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly...
CVE-2026-7233 Artifex MuPDF CFF Index subset-cff.c fz_subset_cff_for_gids out-of-bounds
A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fzsubsetcffforgids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly...