Lucene search

K
ArtifexMupdf

61 matches found

CVE
CVE
added 2019/07/04 10:15 p.m.138 views

CVE-2019-13290

Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file. This occurs with a large BDC property name that overflows the allocated size of a display list node.

7.8CVSS7.8AI score0.01248EPSS
CVE
CVE
added 2024/02/05 6:15 p.m.107 views

CVE-2024-24258

freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.

7.5CVSS7.2AI score0.00183EPSS
CVE
CVE
added 2021/02/23 11:15 p.m.100 views

CVE-2021-3407

A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences.

7.8CVSS5.4AI score0.01483EPSS
CVE
CVE
added 2017/02/15 6:59 a.m.97 views

CVE-2017-5991

An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected.

7.5CVSS7.2AI score0.19338EPSS
CVE
CVE
added 2017/03/15 2:59 p.m.93 views

CVE-2017-6060

Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image.

7.8CVSS7.9AI score0.03291EPSS
CVE
CVE
added 2018/02/02 9:29 a.m.93 views

CVE-2018-6544

pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document.

5.5CVSS5.2AI score0.00359EPSS
CVE
CVE
added 2017/02/15 7:59 p.m.91 views

CVE-2017-5896

Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image.

5.5CVSS6.1AI score0.00405EPSS
CVE
CVE
added 2018/01/14 2:29 a.m.91 views

CVE-2018-5686

In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.

5.5CVSS5.2AI score0.00824EPSS
CVE
CVE
added 2024/02/05 6:15 p.m.90 views

CVE-2024-24259

freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.

7.5CVSS7.2AI score0.00183EPSS
CVE
CVE
added 2020/10/02 6:15 a.m.88 views

CVE-2020-26519

Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service.

5.5CVSS5.3AI score0.00769EPSS
CVE
CVE
added 2018/02/09 11:29 p.m.86 views

CVE-2018-1000051

Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF.

7.8CVSS6.3AI score0.0068EPSS
CVE
CVE
added 2018/01/24 9:29 p.m.86 views

CVE-2018-6192

In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file.

5.5CVSS5.2AI score0.00359EPSS
CVE
CVE
added 2021/07/21 3:15 p.m.85 views

CVE-2020-19609

Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service.

5.5CVSS6AI score0.00452EPSS
CVE
CVE
added 2020/01/23 10:15 p.m.81 views

CVE-2012-5340

SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file.

7.8CVSS7.3AI score0.03366EPSS
CVE
CVE
added 2018/01/22 3:29 p.m.80 views

CVE-2017-17858

Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted.

7.8CVSS6.8AI score0.06191EPSS
CVE
CVE
added 2018/01/24 10:29 a.m.80 views

CVE-2018-6187

In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file.

5.5CVSS5.4AI score0.00348EPSS
CVE
CVE
added 2017/10/18 8:29 a.m.73 views

CVE-2017-15587

An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11.

7.8CVSS6.2AI score0.00236EPSS
CVE
CVE
added 2020/12/09 9:15 p.m.73 views

CVE-2020-16600

A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previously freed memory instead of a newband_writer.

7.8CVSS7.4AI score0.00303EPSS
CVE
CVE
added 2019/01/11 5:29 a.m.70 views

CVE-2019-6130

Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c.

5.5CVSS5.4AI score0.00205EPSS
CVE
CVE
added 2021/07/21 10:15 p.m.70 views

CVE-2021-37220

MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool draw" input.

5.5CVSS5.3AI score0.00115EPSS
CVE
CVE
added 2018/04/24 7:29 p.m.64 views

CVE-2016-8729

An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send to the victim to t...

7.8CVSS7.7AI score0.00532EPSS
CVE
CVE
added 2018/05/24 1:29 p.m.64 views

CVE-2018-1000036

In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.

5.5CVSS5.3AI score0.00308EPSS
CVE
CVE
added 2017/09/22 6:29 a.m.62 views

CVE-2017-14685

Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xps_load_links_in_glyphs in xps/...

7.8CVSS7AI score0.00212EPSS
CVE
CVE
added 2018/04/22 5:29 a.m.61 views

CVE-2018-10289

In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file.

5.5CVSS5.2AI score0.00239EPSS
CVE
CVE
added 2023/12/26 3:15 p.m.61 views

CVE-2023-51106

A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c when fz_colorspace_n returns zero.

7.5CVSS7.5AI score0.00071EPSS
CVE
CVE
added 2017/02/15 9:59 p.m.60 views

CVE-2016-8674

The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file.

5.5CVSS5.8AI score0.00225EPSS
CVE
CVE
added 2018/09/06 11:29 p.m.60 views

CVE-2018-16648

In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow.

5.5CVSS5.2AI score0.00245EPSS
CVE
CVE
added 2023/12/26 3:15 p.m.60 views

CVE-2023-51104

A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function pnm_binary_read_image() of load-pnm.c when span equals zero.

7.5CVSS7.5AI score0.00079EPSS
CVE
CVE
added 2016/09/22 3:59 p.m.59 views

CVE-2016-6525

Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array.

9.8CVSS8.9AI score0.05362EPSS
CVE
CVE
added 2017/12/27 5:8 p.m.58 views

CVE-2017-17866

pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF do...

7.8CVSS6.8AI score0.00288EPSS
CVE
CVE
added 2018/05/24 1:29 p.m.56 views

CVE-2018-1000037

In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file.

5.5CVSS5.3AI score0.00304EPSS
CVE
CVE
added 2014/03/03 4:55 p.m.55 views

CVE-2014-2013

Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element.

7.5CVSS7.9AI score0.28342EPSS
CVE
CVE
added 2017/09/22 6:29 a.m.55 views

CVE-2017-14687

Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name c...

7.8CVSS7AI score0.00233EPSS
CVE
CVE
added 2017/10/16 1:29 a.m.55 views

CVE-2017-15369

The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified...

7.8CVSS6.5AI score0.002EPSS
CVE
CVE
added 2018/05/24 1:29 p.m.55 views

CVE-2018-1000040

In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.

5.5CVSS5.5AI score0.00262EPSS
CVE
CVE
added 2017/09/22 6:29 a.m.54 views

CVE-2017-14686

Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check wh...

7.8CVSS7AI score0.00611EPSS
CVE
CVE
added 2017/03/16 2:59 p.m.53 views

CVE-2016-10246

Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.

5.5CVSS5.8AI score0.00285EPSS
CVE
CVE
added 2017/03/16 2:59 p.m.53 views

CVE-2016-10247

Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.

5.5CVSS5.5AI score0.0031EPSS
CVE
CVE
added 2016/09/22 3:59 p.m.53 views

CVE-2016-6265

Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

5.5CVSS5.2AI score0.00498EPSS
CVE
CVE
added 2019/01/11 5:29 a.m.53 views

CVE-2019-6131

svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool.

5.5CVSS5.3AI score0.00253EPSS
CVE
CVE
added 2018/12/06 12:29 a.m.51 views

CVE-2018-19882

In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl.

5.5CVSS5.2AI score0.00272EPSS
CVE
CVE
added 2017/04/03 5:59 a.m.50 views

CVE-2016-10221

The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted PDF document.

5.5CVSS5.2AI score0.00198EPSS
CVE
CVE
added 2018/04/24 7:29 p.m.49 views

CVE-2016-8728

An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause a out of bounds write resulting in heap metadata and sensitive process memory corruption leading to potential code execution. Victim needs to...

8.6CVSS7.8AI score0.00586EPSS
CVE
CVE
added 2017/03/26 5:59 a.m.48 views

CVE-2017-7264

Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document.

7.8CVSS7.9AI score0.00065EPSS
CVE
CVE
added 2019/06/13 6:29 p.m.48 views

CVE-2019-7321

Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code.

9.8CVSS9.7AI score0.02615EPSS
CVE
CVE
added 2023/08/22 7:16 p.m.48 views

CVE-2020-26683

A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive information.

5.5CVSS5.2AI score0.00056EPSS
CVE
CVE
added 2018/12/06 12:29 a.m.47 views

CVE-2018-19881

In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl.

5.5CVSS5.2AI score0.00267EPSS
CVE
CVE
added 2018/09/06 11:29 p.m.46 views

CVE-2018-16647

In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file.

5.5CVSS5.2AI score0.00472EPSS
CVE
CVE
added 2018/10/26 2:29 p.m.46 views

CVE-2018-18662

There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool.

5.5CVSS5.4AI score0.00244EPSS
CVE
CVE
added 2024/12/10 5:15 p.m.46 views

CVE-2024-46657

Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

5.5CVSS6.8AI score0.00067EPSS
Total number of security vulnerabilities61