Filtered by vendor Artifex
Subscriptions
Filtered by product Mupdf
Subscriptions
Total
60 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-6187 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2024-09-11 | N/A |
| In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file. | ||||
| CVE-2017-15587 | 1 Artifex | 1 Mupdf | 2024-09-11 | N/A |
| An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11. | ||||
| CVE-2020-26683 | 1 Artifex | 1 Mupdf | 2024-09-11 | 5.5 Medium |
| A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive information. | ||||
| CVE-2019-7321 | 1 Artifex | 1 Mupdf | 2024-09-11 | N/A |
| Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code. | ||||
| CVE-2019-6131 | 1 Artifex | 1 Mupdf | 2024-09-11 | N/A |
| svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool. | ||||
| CVE-2019-6130 | 1 Artifex | 1 Mupdf | 2024-09-11 | N/A |
| Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c. | ||||
| CVE-2018-1000051 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2024-09-11 | N/A |
| Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF. | ||||
| CVE-2023-51107 | 1 Artifex | 1 Mupdf | 2024-09-09 | 7.5 High |
| A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in functon compute_color() of jquant2.c. NOTE: this is disputed by the supplier because there was not reasonable evidence to determine the existence of a vulnerability or identify the affected product. | ||||
| CVE-2023-31794 | 1 Artifex | 1 Mupdf | 2024-09-05 | 5.5 Medium |
| MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | ||||
| CVE-2014-2013 | 1 Artifex | 1 Mupdf | 2024-08-06 | N/A |
| Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element. | ||||
| CVE-2016-8674 | 1 Artifex | 1 Mupdf | 2024-08-06 | N/A |
| The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file. | ||||
| CVE-2016-6525 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2024-08-06 | N/A |
| Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array. | ||||
| CVE-2016-6265 | 2 Artifex, Opensuse | 3 Mupdf, Leap, Opensuse | 2024-08-06 | N/A |
| Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file. | ||||
| CVE-2017-17866 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2024-08-05 | N/A |
| pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document. | ||||
| CVE-2017-17858 | 1 Artifex | 1 Mupdf | 2024-08-05 | N/A |
| Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted. | ||||
| CVE-2017-14687 | 2 Artifex, Microsoft | 2 Mupdf, Windows | 2024-08-05 | N/A |
| Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name comparisons. | ||||
| CVE-2017-14686 | 2 Artifex, Microsoft | 2 Mupdf, Windows | 2024-08-05 | N/A |
| Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers. | ||||
| CVE-2017-14685 | 2 Artifex, Microsoft | 2 Mupdf, Windows | 2024-08-05 | N/A |
| Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xps_load_links_in_glyphs in xps/xps-link.c does not verify that an xps font could be loaded. | ||||
| CVE-2017-7264 | 1 Artifex | 1 Mupdf | 2024-08-05 | 5.3 Medium |
| Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document. | ||||
| CVE-2017-5991 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2024-08-05 | 7.5 High |
| An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected. | ||||