Artifex Mupdf vulnerabilities
68 known vulnerabilities affecting artifex/mupdf.
Total CVEs: 68
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 28, MEDIUM 36, LOW 1
Vulnerabilities
Page 1 of 4
CVE-2017-5991 | P3 | HIGH | CVSS 7.5 | CWE-476 | PoC | fixed in 1.11 | 2017-02-15
An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected.
Sources: nvd, osv
CVE-2014-2013 | P3 | HIGH | CVSS 7.5 | CWE-119 | PoC | ≤ 1.3, v1.0, +2 more | 2014-03-03
Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element.
Sources: nvd, osv
CVE-2017-6060 | P3 | HIGH | CVSS 7.8 | CWE-787 | PoC | v1.10a | 2017-03-15
Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image.
Sources: nvd, osv
CVE-2012-5340 | P3 | HIGH | CVSS 7.8 | CWE-190 | PoC | v1.0, v1.1 | 2020-01-23
SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file.
Sources: nvd, osv
CVE-2016-6525 | P3 | CRITICAL | CVSS 9.8 | CWE-119 | ≤ 1.9 | 2016-09-22
Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array.
Sources: nvd, osv
CVE-2019-7321 | P3 | CRITICAL | CVSS 9.8 | CWE-787 | v1.14.0 | 2019-06-13
Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code.
Sources: nvd
CVE-2021-3407 | P3 | MEDIUM | CVSS 5.5 | CWE-415 | v1.18.0, vmupdf 1.18.0 | 2021-02-23
A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences.
Sources: nvd, osv
CVE-2011-0341 | P3 | CRITICAL | CVSS 9.3 | CWE-119 | v2008.09.02 | 2011-05-13
Stack-based buffer overflow in the pdfmoz_onmouse function in apps/mozilla/moz_main.c in the MuPDF plug-in 2008.09.02 for Firefox allows remote attackers to execute arbitrary code via a crafted web site.
Sources: nvd
CVE-2026-25556 | P3 | HIGH | CVSS 7.5 | CWE-415 | ≥ 1.23.0, ≤ 1.27.0 | 2026-02-06
MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the exception. Callers (including the barcode decoding
Sources: nvd, osv
CVE-2019-13290 | P3 | HIGH | CVSS 7.8 | CWE-787 | v1.15.0 | 2019-07-04
Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file. This occurs with a large BDC property name that overflows the allocated size of a display list node.
Sources: nvd, osv
CVE-2016-8728 | P3 | HIGH | CVSS 7.8 | CWE-787 | v1.10 | 2018-04-24
An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause an out of bounds write resulting in heap metadata and sensitive process memory corruption leading to potential code execution. Victim needs to open the specially crafted file in a vulnerable reader
Sources: nvd
CVE-2018-1000051 | P3 | HIGH | CVSS 7.8 | CWE-416 | v1.12.0 | 2018-02-09
Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appears to be exploitable via a victim opening a specially crafted PDF.
Sources: nvd, osv
CVE-2025-55780 | P3 | HIGH | CVSS 7.5 | CWE-476 | ≥ 1.24.0, < 1.26.7 | 2025-09-23
A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow() to split a FLOW_WORD node, but does not check if node->next is valid before accessing node->next->overflow_wrap, resulting in a crash if the split fails or retu
Sources: nvd, osv
CVE-2017-17858 | P3 | HIGH | CVSS 7.8 | CWE-119 | v1.12.0 | 2018-01-22
Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted.
Sources: nvd, osv
CVE-2018-1000038 | P3 | HIGH | CVSS 7.8 | CWE-787 | ≤ 1.12.0 | 2018-05-24
In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file.
Sources: nvd, osv
CVE-2016-8729 | P3 | HIGH | CVSS 7.8 | CWE-119 | v1.9 | 2018-04-24
An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send to the victim to trigger this vulnerability.
Sources: nvd
CVE-2017-14686 | P3 | HIGH | CVSS 7.8 | CWE-119 | v1.11 | 2017-09-22
Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers.
Sources: nvd, osv
CVE-2018-1000039 | P3 | MEDIUM | CVSS 6.3 | CWE-416 | ≤ 1.12.0 | 2018-05-24
In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.
Sources: nvd, osv
CVE-2020-16600 | P3 | HIGH | CVSS 7.8 | CWE-416 | ≤ 1.16.1, v1.17.0 | 2020-12-09
A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previously freed memory instead of a newband_writer.
Sources: nvd, osv
CVE-2024-24259 | P3 | HIGH | CVSS 7.5 | CWE-401 | v1.23.9 | 2024-02-05
freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.
Sources: nvd