Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
artifex mupdf vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-6131
svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool.
Artifex Mupdf 1.14.0
6.8
CVSSv2
CVE-2016-8728
An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause a out of bounds write resulting in heap metadata and sensitive process memory corruption leading to potential code executi...
Artifex Mupdf 1.10
6.8
CVSSv2
CVE-2019-13290
Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote malicious users to execute arbitrary code via a crafted PDF file. This occurs with a large BDC property name that overflows the allocated size of a displ...
Artifex Mupdf 1.15.0
6.8
CVSSv2
CVE-2017-17858
Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote malicious user to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted.
Artifex Mupdf 1.12.0
1 Github repository
6.8
CVSSv2
CVE-2017-14686
Artifex MuPDF 1.11 allows malicious users to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_im...
Artifex Mupdf 1.11
4.3
CVSSv2
CVE-2018-18662
There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool.
Artifex Mupdf 1.14.0
4.3
CVSSv2
CVE-2018-19881
In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote malicious users to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl.
Artifex Mupdf 1.14.0
4.3
CVSSv2
CVE-2018-19882
In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote malicious users to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl.
Artifex Mupdf 1.14.0
9.3
CVSSv2
CVE-2011-0341
Stack-based buffer overflow in the pdfmoz_onmouse function in apps/mozilla/moz_main.c in the MuPDF plug-in 2008.09.02 for Firefox allows remote malicious users to execute arbitrary code via a crafted web site.
Artifex Mupdf 2008.09.02
4.3
CVSSv2
CVE-2021-37220
MuPDF up to and including 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool draw" input.
Artifex Mupdf
Fedoraproject Fedora 34
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »