SUSE CVE-2018-19882

In Artifex MuPDF 1.14.0, the svgrunimage function in svg/svg-run.c allows remote attackers to cause a denial of service hrefatt NULL pointer dereference and application crash via a crafted svg file, as demonstrated by mupdf-gl...

SUSE CVE-2018-1000036

In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service memory leak via a crafted file...

SUSE CVE-2018-1000037

In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service assert crash via a crafted file...

SUSE CVE-2018-1000038

In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdflookupcmapfull in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file...

SUSE CVE-2018-1000040

In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service crash or influence program flow via a crafted file...

SUSE CVE-2018-1000051

Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fzkeepkeystorable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF...

SUSE CVE-2019-6130

Artifex MuPDF 1.14.0 has a SEGV in the function fzloadpage of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c...

SUSE CVE-2019-6131

svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svgrunusesymbol, svgrunelement, and svgrunuse, as demonstrated by mutool...

SUSE CVE-2019-13290

Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fzappenddisplaynode located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file. This occurs with a large BDC property name that overflows the allocated size of a display list node...

SUSE CVE-2019-14975

Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fzchartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string...

SUSE CVE-2020-16600

A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previously freed memory instead of a newbandwriter...

SUSE CVE-2020-19609

Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiffexpandcolormap function when parsing TIFF files allowing attackers to cause a denial of service...

SUSE CVE-2020-26519

Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service...

SUSE CVE-2021-3407

A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences...

SUSE CVE-2021-37220

MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool draw" input...

ZINC weaponizing open-source software

In recent months, Microsoft has detected a wide range of social engineering campaigns using weaponized legitimate open-source software by an actor we track as ZINC. Microsoft Threat Intelligence Center MSTIC observed activity targeting employees in organizations across multiple industries includi...

ZINC weaponizing open-source software

In recent months, Microsoft has detected a wide range of social engineering campaigns using weaponized legitimate open-source software by an actor we track as ZINC. Microsoft Threat Intelligence Center MSTIC observed activity targeting employees in organizations across multiple industries includi...

openSUSE 15 Security Update : mupdf (openSUSE-SU-2022:10126-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10126-1 advisory. - zlib before 1.2.12 allows memory corruption when deflating i.e., when compressing if the input has many distant matches. CVE-2018-25032 ...

openSUSE 15 Security Update : mupdf (openSUSE-SU-2022:10125-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:10125-1 advisory. - A Floating point exception division-by-zero flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream...

OPENSUSE-SU-2022:10126-1 Security update for mupdf

This update for mupdf fixes the following issues: mupdf was updated to 1.20.3: return error, not success when unable to lock native device resource. Bug 705620: Start journal operation instead of pushing local xref. Ensure AndroidDrawDevice is destroyed, even upon exception. source/pdf/pdf-clean....