CVE-2024-46657 — Classic Buffer Overflow in Mupdf

CWE-120 — Classic Buffer Overflow7 documents6 sources

Severity

5.5MEDIUMNVD

OSV7.5

EPSS

0.1%

top 83.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Artifex Mupdf

Timeline

PublishedDec 10

Latest updateNov 25

Description

Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶Debianartifex/mupdf< 1.25.1+ds1-5+1

▶Ubuntuartifex/mupdf< 1.12.0+ds1-1ubuntu0.1~esm2+3

▶NVDartifex/mupdf1.24.9

Patches

Patch: cgit.ghostscript.com ↗Patch: gist.github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

mupdf vulnerabilities↗2025-11-25

▶

OSV

CVE-2024-46657: Artifex Software mupdf v1↗2024-12-10

▶

CVEList

CVE-2024-46657: Artifex Software mupdf v1↗2024-12-10

▶

GHSA

GHSA-mw8h-4567-xqvj: Artifex Software mupdf v1↗2024-12-10

▶

📋Vendor Advisories

Ubuntu

MuPDF vulnerabilities↗2025-11-25

▶

Debian

CVE-2024-46657: mupdf - Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault vi...↗2024

▶