Artifex Mupdf vulnerabilities

CVE-2020-26519 [MEDIUM] CWE-787 CVE-2020-26519: Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing att Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service.

CVE-2012-5340 [HIGH] CWE-190 CVE-2012-5340: SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file.

CVE-2019-14975 [HIGH] CWE-125 CVE-2019-14975: Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c beca Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string.

CVE-2019-13290 [HIGH] CWE-787 CVE-2019-13290: Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file. This occurs with a large BDC property name that overflows the allocated size of a display list node.

CVE-2019-7321 [CRITICAL] CWE-787 CVE-2019-7321: Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code.

CVE-2019-6130 [MEDIUM] CWE-118 CVE-2019-6130: Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonst Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c.

CVE-2019-6131 [MEDIUM] CWE-674 CVE-2019-6131: svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbo svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool.

CVE-2018-19882 [MEDIUM] CWE-476 CVE-2018-19882: In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to caus In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl.

CVE-2018-19881 [MEDIUM] CWE-400 CVE-2018-19881: In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursi In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl.

CVE-2018-19777 [MEDIUM] CWE-835 CVE-2018-19777: In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-devi In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool.

CVE-2018-18662 [MEDIUM] CWE-125 CVE-2018-18662: There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonst There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool.

CVE-2018-16647 [MEDIUM] CWE-119 CVE-2018-16647: In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers t In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file.

CVE-2018-16648 [MEDIUM] CWE-129 CVE-2018-16648: In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cau In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow.

CVE-2018-1000038 [HIGH] CWE-787 CVE-2018-1000038: In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file.

CVE-2018-1000036 [MEDIUM] CWE-772 CVE-2018-1000036: In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to ca In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.

CVE-2018-1000040 [MEDIUM] CWE-20 CVE-2018-1000040: In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser coul In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.

CVE-2018-1000039 [MEDIUM] CWE-416 CVE-2018-1000039: In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.

CVE-2018-1000037 [MEDIUM] CWE-20 CVE-2018-1000037: In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attack In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file.

CVE-2016-8728 [HIGH] CWE-787 CVE-2016-8728: An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of t An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause a out of bounds write resulting in heap metadata and sensitive process memory corruption leading to potential code execution. Victim needs to open the specially crafted file in a vulnerable reader

CVE-2016-8729 [HIGH] CWE-119 CVE-2016-8729: An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A sp An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send to the victim to trigger this vulnerability.