cbcvebase.

Artifex Mupdf vulnerabilities

68 known vulnerabilities affecting artifex/mupdf.

Total CVEs
68
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH28MEDIUM36LOW1

Vulnerabilities

Page 4 of 4
CVE-2024-46657P4MEDIUMCVSS 5.5v1.24.92024-12-10
CVE-2024-46657 [MEDIUM] CWE-120 CVE-2024-46657: Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /too Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
nvdosv
CVE-2018-19882P4MEDIUMCVSS 5.5v1.14.02018-12-06
CVE-2018-19882 [MEDIUM] CWE-476 CVE-2018-19882: In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to caus In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl.
nvdosv
CVE-2018-19777P4MEDIUMCVSS 5.5v1.14.02018-11-30
CVE-2018-19777 [MEDIUM] CWE-835 CVE-2018-19777: In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-devi In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool.
nvdosv
CVE-2018-10289P4MEDIUMCVSS 5.5v1.13.02018-04-22
CVE-2018-10289 [MEDIUM] CWE-835 CVE-2018-10289: In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file.
nvdosv
CVE-2018-1000036P4MEDIUMCVSS 5.5≤ 1.12.02018-05-24
CVE-2018-1000036 [MEDIUM] CWE-772 CVE-2018-1000036: In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to ca In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.
nvdosv
CVE-2016-10221P4MEDIUMCVSS 4.3v1.10a2017-04-03
CVE-2016-10221 [MEDIUM] CWE-119 CVE-2016-10221: The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attack The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted PDF document.
nvd
CVE-2023-31794P4MEDIUMCVSS 5.5v1.21.12023-10-31
CVE-2023-31794 [MEDIUM] CWE-674 CVE-2023-31794: MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. T MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
nvdosv
CVE-2026-40505P4LOWCVSS 3.3fixed in 1.27.02026-04-16
CVE-2026-40505 [LOW] CWE-150 CVE-2026-40505: MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running mutool info, enabling them to manipulate terminal display fo
nvd
Artifex Mupdf vulnerabilities | cvebase