Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
artifex mupdf vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2014-2013
Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and previous versions allows remote malicious users to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element.
Artifex Mupdf 1.0
Artifex Mupdf 1.2
Artifex Mupdf 1.1
Artifex Mupdf
1 EDB exploit
6.8
CVSSv2
CVE-2020-16600
A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and previous versions when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previously freed memory instead of a newband_writer.
Artifex Mupdf 1.17.0
Artifex Mupdf
6.8
CVSSv2
CVE-2012-5340
SumatraPDF 2.1.1/MuPDF 1.0 allows remote malicious users to cause an Integer Overflow in the lex_number() function via a corrupt PDF file.
Sumatrapdfreader Sumatrapdf 2.1.1
Artifex Mupdf 1.0
Artifex Mupdf 1.1
1 EDB exploit
4.3
CVSSv2
CVE-2017-5896
Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote malicious users to cause a denial of service (out-of-bounds read and crash) via a crafted image.
Artifex Mupdf
5.8
CVSSv2
CVE-2019-14975
Artifex MuPDF prior to 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string.
Artifex Mupdf
6.8
CVSSv2
CVE-2017-15369
The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF prior to 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote malicious users to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) o...
Artifex Mupdf
NA
CVE-2021-4216
A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream.
Artifex Mupdf
4.3
CVSSv2
CVE-2016-8674
The pdf_to_num function in pdf-object.c in MuPDF prior to 1.10 allows remote malicious users to cause a denial of service (use-after-free and application crash) via a crafted file.
Artifex Mupdf
6.8
CVSSv2
CVE-2018-1000038
In MuPDF 1.12.0 and previous versions, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an malicious user to execute arbitrary code via a crafted file.
Artifex Mupdf
6.8
CVSSv2
CVE-2018-1000039
In MuPDF 1.12.0 and previous versions, multiple heap use after free bugs in the PDF parser could allow an malicious user to execute arbitrary code, read memory, or cause a denial of service via a crafted file.
Artifex Mupdf
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »