391 matches found
UBUNTU-CVE-2026-56368
ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple coders that write raw pixel data where allocated objects are not properly freed. Attackers can trigger this leak by processing specially crafted images, causing memory exhaustion and denial of service...
CVE-2026-7233 Artifex MuPDF CFF Index subset-cff.c fz_subset_cff_for_gids out-of-bounds
A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fzsubsetcffforgids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly...
CVE-2026-7233
A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fzsubsetcffforgids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly...
MuPDF by Artifex contains integer overflow vulnerability.
Overview Artifex's MuPDF contains an integer overflow vulnerability, CVE-2026-3308, in versions up to and including 1.27.0. Using a specially crafted PDF, an attacker can trigger an integer overflow resulting in out-of-bounds heap writes. This heap corruption typically causes the application to...
EUVD-2026-17412
An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdfloadimageimp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code executio...
CVE-2026-3308
An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdfloadimageimp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code executio...
CVE-2026-3029
A flaw was found in PyMuPDF. This vulnerability, involving path traversal, allows an attacker to write arbitrary files to unintended locations on the system. The flaw is present in the embedded get function within the main.py file. Successful exploitation could lead to system compromise or data...
EUVD-2025-207549
A vulnerability was determined in MuYuCMS 2.7. Affected is the function deletedirfile of the file application/admin/controller/Template.php of the component Template Management Page. This manipulation of the argument temn/tp causes path traversal. It is possible to initiate the attack remotely. T...
CVE-2025-15569
A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function getsystemdpi of the file platform/x11/winmain.c. This manipulation causes uncontrolled search path. The attack requires local access. The attack is considered to have high complexity. The...
CVE-2025-15569 Artifex MuPDF win_main.c get_system_dpi uncontrolled search path
A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function getsystemdpi of the file platform/x11/winmain.c. This manipulation causes uncontrolled search path. The attack requires local access. The attack is considered to have high complexity. The...
EUVD-2026-5668
MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fzfillpixmapfromdisplaylist when an exception occurs during display list rendering. The function accepts a caller-owned fzpixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the...
Malicious code in moon-new-cloud-mu-cat (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7213659a3b8201c11de4613fcf1612a6f3efe3bb58d2c69ab5633e9f00655521 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-177570
Malicious code in node-mu-private-new-runtime npm...
EUVD-2025-178334
Malicious code in iota-virtualize-alert-mu-cache npm...
EUVD-2025-178650
Malicious code in grid-mu-cloud-signal-cat npm...
EUVD-2025-179323
Malicious code in deploy-awk-user-psi-mu npm...
EUVD-2025-175553
Malicious code in wind-execute-authorize-mu-byte npm...
EUVD-2025-177748
Malicious code in mu-slow-star-promise-eta npm...
EUVD-2025-177829
Malicious code in minify-mu-catch-authenticate-user npm...
EUVD-2025-180153
Malicious code in bad-alert-long-container-mu npm...