Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mupdf
(Artifex)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 60 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-10-18 | CVE-2017-15587 | An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11. | Mupdf | 7.8 | ||
| 2018-01-24 | CVE-2018-6187 | In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file. | Mupdf, Debian_linux | 5.5 | ||
| 2018-01-24 | CVE-2018-6192 | In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file. | Mupdf, Debian_linux | 5.5 | ||
| 2018-02-09 | CVE-2018-1000051 | Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF. | Mupdf, Debian_linux | 7.8 | ||
| 2019-01-11 | CVE-2019-6130 | Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c. | Mupdf | 5.5 | ||
| 2019-01-11 | CVE-2019-6131 | svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool. | Mupdf | 5.5 | ||
| 2019-06-13 | CVE-2019-7321 | Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code. | Mupdf | 9.8 | ||
| 2017-03-26 | CVE-2017-7264 | Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document. | Mupdf | 7.8 | ||
| 2018-05-24 | CVE-2018-1000037 | In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file. | Mupdf, Debian_linux | 5.5 | ||
| 2018-05-24 | CVE-2018-1000038 | In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file. | Mupdf | 7.8 |