Mupdf Security Vulnerabilities and Issues — Mupdf CVE List

Lucene search

ArtifexMupdf

5 matches found

CVE•added 2019/07/04 10:15 p.m.•138 views

CVE-2019-13290

Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file. This occurs with a large BDC property name that overflows the allocated size of a display list node.

7.8CVSS7.8AI score0.01248EPSS

CVE•added 2019/01/11 5:29 a.m.•70 views

CVE-2019-6130

Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c.

5.5CVSS5.4AI score0.00205EPSS

CVE•added 2019/01/11 5:29 a.m.•53 views

CVE-2019-6131

svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool.

5.5CVSS5.3AI score0.00253EPSS

CVE•added 2019/06/13 6:29 p.m.•48 views

CVE-2019-7321

Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code.

9.8CVSS9.7AI score0.02615EPSS

CVE•added 2019/08/14 1:15 p.m.•39 views

CVE-2019-14975

Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string.

7.1CVSS7AI score0.0022EPSS