Product: Mupdf (Artifex)

Repositories: Unknown. This might be proprietary software.

#Vulnerabilities 60
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-10-16 | CVE-2017-15369 | The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document. | Mupdf | 7.8 | | |
| 2017-10-18 | CVE-2017-15587 | An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11. | Mupdf | 7.8 | | |
| 2018-01-22 | CVE-2017-17858 | Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted. | Mupdf | 7.8 | | |
| 2018-02-02 | CVE-2018-6544 | pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document. | Mupdf, Debian_linux | 5.5 | | |
| 2018-05-24 | CVE-2018-1000037 | In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file. | Mupdf, Debian_linux | 5.5 | | |
| 2018-05-24 | CVE-2018-1000038 | In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file. | Mupdf | 7.8 | | |
| 2018-05-24 | CVE-2018-1000039 | In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file. | Mupdf | 7.8 | | |
| 2018-05-24 | CVE-2018-1000040 | In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file. | Mupdf, Debian_linux | 5.5 | | |
| 2018-11-30 | CVE-2018-19777 | In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool. | Mupdf, Debian_linux | 5.5 | | |
| 2018-12-06 | CVE-2018-19881 | In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl. | Mupdf | 5.5 | | |