Artifex Mupdf vulnerabilities

CVE-2016-8674 [MEDIUM] CWE-416 CVE-2016-8674: The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a deni The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file.

CVE-2016-6525 [CRITICAL] CWE-119 CVE-2016-6525: Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows r Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array.

CVE-2016-6265 [MEDIUM] CWE-416 CVE-2016-6265: Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

CVE-2014-2013 [HIGH] CWE-119 CVE-2014-2013: Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and ear Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element.

CVE-2011-0341 [CRITICAL] CWE-119 CVE-2011-0341: Stack-based buffer overflow in the pdfmoz_onmouse function in apps/mozilla/moz_main.c in the MuPDF p Stack-based buffer overflow in the pdfmoz_onmouse function in apps/mozilla/moz_main.c in the MuPDF plug-in 2008.09.02 for Firefox allows remote attackers to execute arbitrary code via a crafted web site.