Artifex

Mupdf

69 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2026-7233

Exploit
  • EPSS 0.02%
  • Veröffentlicht 28.04.2026 06:00:18
  • Zuletzt bearbeitet 05.05.2026 21:16:23

A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be...

4.8

CVE-2026-40505

  • EPSS 0%
  • Veröffentlicht 16.04.2026 01:20:08
  • Zuletzt bearbeitet 17.04.2026 17:17:08

MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed ...

7.8

CVE-2026-3308

Medienbericht
  • EPSS 0.02%
  • Veröffentlicht 31.03.2026 13:13:12
  • Zuletzt bearbeitet 21.04.2026 10:16:30

An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdf_load_image_imp' function. This allows a heap out-of-bounds write t...

7.5

CVE-2026-3029

  • EPSS 0.02%
  • Veröffentlicht 19.03.2026 15:53:38
  • Zuletzt bearbeitet 24.03.2026 02:16:05

A path traversal and arbitrary file write vulnerability exist in the embedded get function in '_main_.py' in PyMuPDF version, 1.26.5.

7.3

CVE-2025-15569

  • EPSS 0.02%
  • Veröffentlicht 10.02.2026 10:02:09
  • Zuletzt bearbeitet 15.04.2026 00:35:42

A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function get_system_dpi of the file platform/x11/win_main.c. This manipulation causes uncontrolled search path. The attack requires local access. The attack i...

7.5

CVE-2026-25556

Exploit
  • EPSS 0.02%
  • Veröffentlicht 06.02.2026 16:11:59
  • Zuletzt bearbeitet 24.02.2026 21:07:13

MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pix...

7.5

CVE-2025-55780

  • EPSS 0.06%
  • Veröffentlicht 23.09.2025 18:15:34
  • Zuletzt bearbeitet 08.10.2025 18:04:01

A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow() to split a FLOW_WORD node, but does not check if node->ne...

6.5

CVE-2025-46206

Exploit
  • EPSS 0.27%
  • Veröffentlicht 04.08.2025 00:00:00
  • Zuletzt bearbeitet 02.10.2025 17:39:43

An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. When processing a crafted PDF file containing cyclic /Next references in the outline structure, th...

5.5

CVE-2024-46657

Exploit
  • EPSS 0.03%
  • Veröffentlicht 10.12.2024 17:15:10
  • Zuletzt bearbeitet 01.07.2025 13:39:18

Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

7.5

CVE-2024-24259

Exploit
  • EPSS 0.25%
  • Veröffentlicht 05.02.2024 18:15:52
  • Zuletzt bearbeitet 04.11.2025 19:16:56

freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.