Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string.
Max CVSS
7.1
EPSS Score
0.09%
Published
2019-08-14
Updated
2019-08-26
Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file. This occurs with a large BDC property name that overflows the allocated size of a display list node.
Max CVSS
7.8
EPSS Score
1.07%
Published
2019-07-04
Updated
2020-08-30
Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.45%
Published
2019-06-13
Updated
2020-08-24
svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool.
Max CVSS
5.5
EPSS Score
0.16%
Published
2019-01-11
Updated
2020-08-24
Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c.
Max CVSS
5.5
EPSS Score
0.34%
Published
2019-01-11
Updated
2020-07-26
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!