Artifex Software Inc Mupdf vulnerabilities

CVE-2026-40505 [MEDIUM] CWE-150 CVE-2026-40505: MuPDF mutool does not sanitize PDF metadata fields before writing them to terminal output, allowing MuPDF mutool does not sanitize PDF metadata fields before writing them to terminal output, allowing attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to the terminal when running mutool info, enabling them to clear the terminal

CVE-2016-8728 [HIGH] CWE-787 CVE-2016-8728: An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of t An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause a out of bounds write resulting in heap metadata and sensitive process memory corruption leading to potential code execution. Victim needs to open the specially crafted file in a vulnerable reader

CVE-2016-8729 [HIGH] CWE-119 CVE-2016-8729: An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A sp An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send to the victim to trigger this vulnerability.