CVE-2020-26683Missing Release of Memory after Effective Lifetime in Mupdf

CWE-401Missing Release of Memory after Effective Lifetime6 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 94.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Artifex Mupdf
Timeline
PublishedAug 22
Latest updateOct 16

Description

A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive information.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Debianartifex/mupdf< 1.19.0+ds1-1+2
NVDartifex/mupdf1.17.0

Patches

Patch: bugs.ghostscript.comPatch: bugs.ghostscript.com

🔴Vulnerability Details

3
GHSA
GHSA-8f37-8c54-xq42: A memory leak issue discovered in /pdf/pdf-font-add2023-08-22
OSV
CVE-2020-26683: A memory leak issue discovered in /pdf/pdf-font-add2023-08-22
CVEList
CVE-2020-26683: A memory leak issue discovered in /pdf/pdf-font-add2023-08-22

📋Vendor Advisories

2
Ubuntu
MuPDF vulnerabilities2025-10-16
Debian
CVE-2020-26683: mupdf - A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF ...2020
CVE-2020-26683 — Artifex Mupdf vulnerability | cvebase