CVEdetails.com the ultimate security vulnerability data source

Artifex » Mupdf » * * * * : Security Vulnerabilities

CPE Name: cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:*
# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.

1 | CVE-2021-37220 | 787 | | | 2021-07-21 | 2021-11-28 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool draw" input.

2 | CVE-2021-4216 | 369 | | | 2022-08-26 | 2022-08-31 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ???
A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream.

3 | CVE-2020-26519 | 787 | | DoS | 2020-10-02 | 2022-01-06 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service.

4 | CVE-2020-19609 | 787 | | DoS | 2021-07-21 | 2021-12-14 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service.

5 | CVE-2020-16600 | 416 | | | 2020-12-09 | 2020-12-14 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previously freed memory instead of a newband_writer.

6 | CVE-2019-14975 | 125 | | | 2019-08-14 | 2019-08-26 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial
Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string.

7 | CVE-2018-1000040 | 20 | | DoS | 2018-05-24 | 2019-03-14 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.

8 | CVE-2018-1000039 | 416 | | DoS Exec Code | 2018-05-24 | 2019-03-14 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.

9 | CVE-2018-1000038 | 787 | | Exec Code Overflow | 2018-05-24 | 2020-08-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file.

10 | CVE-2018-1000037 | 20 | | DoS | 2018-05-24 | 2019-03-14 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file.

11 | CVE-2018-1000036 | 772 | | DoS | 2018-05-24 | 2021-12-14 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.

12 | CVE-2017-17866 | 119 | | DoS Overflow | 2017-12-27 | 2019-03-11 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document.

13 | CVE-2017-15369 | 416 | | DoS | 2017-10-16 | 2017-11-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document.

14 | CVE-2017-5991 | 476 | | | 2017-02-15 | 2022-04-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial
An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected.

15 | CVE-2017-5896 | 125 | | DoS Overflow | 2017-02-15 | 2017-11-04 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image.

16 | CVE-2016-8674 | 416 | | DoS | 2017-02-15 | 2017-11-04 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file.

17 | CVE-2016-6525 | 119 | | DoS Exec Code Overflow | 2016-09-22 | 2017-07-01 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array.

18 | CVE-2016-6265 | 416 | | DoS | 2016-09-22 | 2018-10-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

19 | CVE-2014-2013 | 119 | 1 | Exec Code Overflow | 2014-03-03 | 2017-12-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element.
Total number of vulnerabilities: 19
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.