Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ArtifexMupdf

61 matches found

CVE
CVEadded 2019/07/04 10:15 p.m.138 views

CVE-2019-13290

Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file. This occurs with a large BDC property name that overflows the allocated size of a display list node.

7.8CVSS7.8AI score0.01248EPSS
CVE
CVEadded 2024/02/05 6:15 p.m.107 views

CVE-2024-24258

freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.

7.5CVSS7.2AI score0.00183EPSS
CVE
CVEadded 2021/02/23 11:15 p.m.100 views

CVE-2021-3407

A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences.

7.8CVSS5.4AI score0.01483EPSS
CVE
CVEadded 2017/02/15 6:59 a.m.97 views

CVE-2017-5991

An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected.

7.5CVSS7.2AI score0.19338EPSS
CVE
CVEadded 2017/03/15 2:59 p.m.93 views

CVE-2017-6060

Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image.

7.8CVSS7.9AI score0.03291EPSS
CVE
CVEadded 2018/02/02 9:29 a.m.93 views

CVE-2018-6544

pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document.

5.5CVSS5.2AI score0.00359EPSS
CVE
CVEadded 2017/02/15 7:59 p.m.91 views

CVE-2017-5896

Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image.

5.5CVSS6.1AI score0.00405EPSS
CVE
CVEadded 2018/01/14 2:29 a.m.91 views

CVE-2018-5686

In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.

5.5CVSS5.2AI score0.00824EPSS
CVE
CVEadded 2024/02/05 6:15 p.m.90 views

CVE-2024-24259

freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.

7.5CVSS7.2AI score0.00183EPSS
CVE
CVEadded 2020/10/02 6:15 a.m.88 views

CVE-2020-26519

Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service.

5.5CVSS5.3AI score0.00769EPSS
CVE
CVEadded 2018/02/09 11:29 p.m.86 views

CVE-2018-1000051

Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF.

7.8CVSS6.3AI score0.0068EPSS
CVE
CVEadded 2018/01/24 9:29 p.m.86 views

CVE-2018-6192

In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file.

5.5CVSS5.2AI score0.00359EPSS
CVE
CVEadded 2021/07/21 3:15 p.m.85 views

CVE-2020-19609

Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service.

5.5CVSS6AI score0.00452EPSS
CVE
CVEadded 2020/01/23 10:15 p.m.81 views

CVE-2012-5340

SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file.

7.8CVSS7.3AI score0.03366EPSS
CVE
CVEadded 2018/01/22 3:29 p.m.80 views

CVE-2017-17858

Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted.

7.8CVSS6.8AI score0.06191EPSS
CVE
CVEadded 2018/01/24 10:29 a.m.80 views

CVE-2018-6187

In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file.

5.5CVSS5.4AI score0.00348EPSS
CVE
CVEadded 2017/10/18 8:29 a.m.73 views

CVE-2017-15587

An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11.

7.8CVSS6.2AI score0.00236EPSS
CVE
CVEadded 2020/12/09 9:15 p.m.73 views

CVE-2020-16600

A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previously freed memory instead of a newband_writer.

7.8CVSS7.4AI score0.00303EPSS
CVE
CVEadded 2019/01/11 5:29 a.m.70 views

CVE-2019-6130

Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c.

5.5CVSS5.4AI score0.00205EPSS
CVE
CVEadded 2021/07/21 10:15 p.m.70 views

CVE-2021-37220

MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool draw" input.

5.5CVSS5.3AI score0.00115EPSS
CVE
CVEadded 2018/04/24 7:29 p.m.64 views

CVE-2016-8729

An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send to the victim to t...

7.8CVSS7.7AI score0.00532EPSS
CVE
CVEadded 2018/05/24 1:29 p.m.64 views

CVE-2018-1000036

In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.

5.5CVSS5.3AI score0.00308EPSS
CVE
CVEadded 2017/09/22 6:29 a.m.62 views

CVE-2017-14685

Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xps_load_links_in_glyphs in xps/...

7.8CVSS7AI score0.00212EPSS
CVE
CVEadded 2018/04/22 5:29 a.m.61 views

CVE-2018-10289

In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file.

5.5CVSS5.2AI score0.00239EPSS
CVE
CVEadded 2023/12/26 3:15 p.m.61 views

CVE-2023-51106

A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c when fz_colorspace_n returns zero.

7.5CVSS7.5AI score0.00071EPSS
CVE
CVEadded 2017/02/15 9:59 p.m.60 views

CVE-2016-8674

The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file.

5.5CVSS5.8AI score0.00225EPSS
CVE
CVEadded 2018/09/06 11:29 p.m.60 views

CVE-2018-16648

In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow.

5.5CVSS5.2AI score0.00245EPSS
CVE
CVEadded 2023/12/26 3:15 p.m.60 views

CVE-2023-51104

A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function pnm_binary_read_image() of load-pnm.c when span equals zero.

7.5CVSS7.5AI score0.00079EPSS
CVE
CVEadded 2016/09/22 3:59 p.m.59 views

CVE-2016-6525

Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array.

9.8CVSS8.9AI score0.05362EPSS
CVE
CVEadded 2017/12/27 5:8 p.m.58 views

CVE-2017-17866

pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF do...

7.8CVSS6.8AI score0.00288EPSS
CVE
CVEadded 2018/05/24 1:29 p.m.56 views

CVE-2018-1000037

In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file.

5.5CVSS5.3AI score0.00304EPSS
CVE
CVEadded 2014/03/03 4:55 p.m.55 views

CVE-2014-2013

Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element.

7.5CVSS7.9AI score0.28342EPSS
CVE
CVEadded 2017/09/22 6:29 a.m.55 views

CVE-2017-14687

Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name c...

7.8CVSS7AI score0.00233EPSS
CVE
CVEadded 2017/10/16 1:29 a.m.55 views

CVE-2017-15369

The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified...

7.8CVSS6.5AI score0.002EPSS
CVE
CVEadded 2018/05/24 1:29 p.m.55 views

CVE-2018-1000040

In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.

5.5CVSS5.5AI score0.00262EPSS
CVE
CVEadded 2017/09/22 6:29 a.m.54 views

CVE-2017-14686

Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check wh...

7.8CVSS7AI score0.00611EPSS
CVE
CVEadded 2017/03/16 2:59 p.m.53 views

CVE-2016-10246

Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.

5.5CVSS5.8AI score0.00285EPSS
CVE
CVEadded 2017/03/16 2:59 p.m.53 views

CVE-2016-10247

Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.

5.5CVSS5.5AI score0.0031EPSS
CVE
CVEadded 2016/09/22 3:59 p.m.53 views

CVE-2016-6265

Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

5.5CVSS5.2AI score0.00498EPSS
CVE
CVEadded 2019/01/11 5:29 a.m.53 views

CVE-2019-6131

svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool.

5.5CVSS5.3AI score0.00253EPSS
CVE
CVEadded 2018/12/06 12:29 a.m.51 views

CVE-2018-19882

In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl.

5.5CVSS5.2AI score0.00272EPSS
CVE
CVEadded 2017/04/03 5:59 a.m.50 views

CVE-2016-10221

The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted PDF document.

5.5CVSS5.2AI score0.00198EPSS
CVE
CVEadded 2018/04/24 7:29 p.m.49 views

CVE-2016-8728

An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause a out of bounds write resulting in heap metadata and sensitive process memory corruption leading to potential code execution. Victim needs to...

8.6CVSS7.8AI score0.00586EPSS
CVE
CVEadded 2017/03/26 5:59 a.m.48 views

CVE-2017-7264

Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document.

7.8CVSS7.9AI score0.00065EPSS
CVE
CVEadded 2019/06/13 6:29 p.m.48 views

CVE-2019-7321

Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code.

9.8CVSS9.7AI score0.02615EPSS
CVE
CVEadded 2023/08/22 7:16 p.m.48 views

CVE-2020-26683

A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive information.

5.5CVSS5.2AI score0.00056EPSS
CVE
CVEadded 2018/12/06 12:29 a.m.47 views

CVE-2018-19881

In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl.

5.5CVSS5.2AI score0.00267EPSS
CVE
CVEadded 2018/09/06 11:29 p.m.46 views

CVE-2018-16647

In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file.

5.5CVSS5.2AI score0.00472EPSS
CVE
CVEadded 2018/10/26 2:29 p.m.46 views

CVE-2018-18662

There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool.

5.5CVSS5.4AI score0.00244EPSS
CVE
CVEadded 2024/12/10 5:15 p.m.46 views

CVE-2024-46657

Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

5.5CVSS6.8AI score0.00067EPSS
Total number of security vulnerabilities61