CVE-2026-7233
published 2026-04-28
CVE-2026-7233: A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file subset-cff.c of the…
Priority P4 · 30 · medium · 6.1 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:N / S:U / C:L / I:N / A:H
EPSS 0.24% · 14.7th percentile
A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through a bug report but has not responded yet.
Affected
30 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | mupdf | <= 1.27.2 | — |
| artifex | mupdf | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H |
| nvd | v4.0 | 1.9 | LOW | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 1.7 | LOW | AV:L/AC:L/Au:S/C:P/I:N/A:N |
| vendor_redhat | — | 1.9 | LOW | — |
Red Hat
mupdf: Artifex MuPDF: Information disclosure due to out-of-bounds read
vendor_redhat·2026-04-28·CVSS 1.9
CVE-2026-7233 [LOW] CWE-125 mupdf: Artifex MuPDF: Information disclosure due to out-of-bounds read
A flaw was found in Artifex MuPDF, specifically within its CFF Index Handler component. A local user could exploit an out-of-bounds read vulnerability in the `fz_subset_cff_for_gids` function. This could allow an attacker to read sensitive information from memory, potentially leading to information disclosure.
Statement: This vulnerability is rated as Low impact. The out-of-bounds read in Artifex MuPDF's CFF Index Handler requires local user access to exploit, limiting its potential for widespread impact on Red Hat systems. Successful exploitation could lead to information disclosure from memory.
Mitigation: Users should avoid opening untrusted or malicious PDF documents with applications that utilize the MuPDF libra
GHSA
GHSA-82r2-3cm6-cxw2: A vulnerability was determined in Artifex MuPDF up to 1
ghsa_unreviewed·2026-04-28
CVE-2026-7233 [LOW] CWE-119 GHSA-82r2-3cm6-cxw2: A vulnerability was determined in Artifex MuPDF up to 1
VulDB
Artifex MuPDF up to 1.28.0 CFF Index subset-cff.c fz_subset_cff_for_gids out-of-bounds (Bug 709328)
vuldb·2026-04-27·CVSS 1.9
CVE-2026-7233 [LOW] Artifex MuPDF up to 1.28.0 CFF Index subset-cff.c fz_subset_cff_for_gids out-of-bounds (Bug 709328)
A vulnerability marked as problematic has been reported in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read.
The identification of this vulnerability is CVE-2026-7233. The attack can only be executed locally. Furthermore, there is an exploit available.
The project was informed of the problem early through a bug report but has not responded yet.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-7233 mupdf: Artifex MuPDF: Information disclosure due to out-of-bounds read [fedora-all]
bugzilla·2026-04-28·CVSS 1.9
CVE-2026-7233 [LOW] CVE-2026-7233 mupdf: Artifex MuPDF: Information disclosure due to out-of-bounds read [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-7233 mupdf: Artifex MuPDF: Information disclosure due to out-of-bounds read
bugzilla·2026-04-28·CVSS 1.9
CVE-2026-7233 [LOW] CVE-2026-7233 mupdf: Artifex MuPDF: Information disclosure due to out-of-bounds read
Discussion:
This is the upstream bug:
https://bugs.ghostscript.com/show_bug.cgi?id=709328
Bugzilla
CVE-2026-7233 mupdf: Artifex MuPDF: Information disclosure due to out-of-bounds read [epel-all]
bugzilla·2026-04-28·CVSS 1.9
CVE-2026-7233 [LOW] CVE-2026-7233 mupdf: Artifex MuPDF: Information disclosure due to out-of-bounds read [epel-all]
https://artifex.com/
https://bugs.ghostscript.com/show_bug.cgi?id=709328
https://github.com/biniamf/pocs/tree/main/mupdf-cff-indexload-oobread
https://vuldb.com/submit/802590
https://vuldb.com/vuln/359840
https://vuldb.com/vuln/359840/cti