CVE-2018-16647 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mupdf

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 48.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Artifex Mupdf

Timeline

PublishedSep 6

Latest updateOct 16

Description

In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶Debianartifex/mupdf< 1.14.0+ds1-4+3

▶Ubuntuartifex/mupdf< 1.7a-1ubuntu0.1~esm1+2

▶NVDartifex/mupdf1.13.0

🔴Vulnerability Details

OSV

mupdf vulnerabilities↗2025-10-16

▶

GHSA

GHSA-jrh7-3h3c-f5j3: In Artifex MuPDF 1↗2022-05-13

▶

OSV

CVE-2018-16647: In Artifex MuPDF 1↗2018-09-06

▶

CVEList

CVE-2018-16647: In Artifex MuPDF 1↗2018-09-06

▶

📋Vendor Advisories

Ubuntu

MuPDF vulnerabilities↗2025-10-16

▶

Debian

CVE-2018-16647: mupdf - In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allow...↗2018

▶

💬Community

Bugzilla

CVE-2018-16647 CVE-2018-16648 mupdf: various flaws [fedora-all]↗2018-09-07

▶

Bugzilla

CVE-2018-16647 mupdf: Segmentation fault in the pdf_get_xref_entry function resulting in a crash↗2018-09-07

▶