Description
An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdf_load_image_imp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code execution.
Published: 2026-03-31
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary code execution via heap out‑of‑bounds write
Action: Immediate Patch
AI Analysis

Impact

An integer overflow occurs in the pdf_image.c component of MuPDF version 1.27.0 when processing a PDF image. The overflow allows data to be written beyond the intended heap buffer within the pdf_load_image_imp function, potentially corrupting adjacent memory and yielding an arbitrary code execution path for the process that has access to the MuPDF library. The weakness is classified as CWE‑190, integer overflow.

Affected Systems

The vulnerability affects Artifex Software Inc.’s MuPDF (also known as PyMuPDF) at version 1.27.0. Systems that rely on this specific release to render or manipulate PDF documents are susceptible to the overflow; no other versions or products are listed as affected in the current advisory.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity, while an EPSS score below 1% suggests a low short‑term exploitation probability. The vulnerability is not present in the CISA KEV catalog, meaning no widespread attacks have been reported. The attack likely requires delivery of a malicious PDF to a MuPDF instance, which can occur locally or during remote download; exploitation would need the vulnerable binary to run with sufficient privileges to compromise the system context.

Generated by OpenCVE AI on April 2, 2026 at 22:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update MuPDF to the latest version that includes the integer overflow fix.
  • If upgrading immediately is not feasible, segregate environments that process PDFs from trusted sources or temporarily block untrusted PDF input.

Generated by OpenCVE AI on April 2, 2026 at 22:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4540-1 mupdf security update
Debian DSA Debian DSA DSA-6218-1 mupdf security update
History

Tue, 21 Apr 2026 10:30:00 +0000

Type Values Removed Values Added
References

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122
CWE-680
References

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-190
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Artifex
Artifex mupdf
Weaknesses CWE-122
CWE-680
Vendors & Products Artifex
Artifex mupdf

Tue, 31 Mar 2026 13:45:00 +0000

Type Values Removed Values Added
Description An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdf_load_image_imp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code execution.
Title CVE-2026-3308
References

Subscriptions

Artifex Mupdf
cve-icon MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2026-04-21T09:32:51.075Z

Reserved: 2026-02-26T21:04:05.303Z

Link: CVE-2026-3308

cve-icon Vulnrichment

Updated: 2026-04-21T09:32:51.075Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-31T14:16:12.560

Modified: 2026-04-21T10:16:30.430

Link: CVE-2026-3308

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-03T09:19:32Z

Weaknesses