CVE Vulnerabilities for mutool
| CVE | Published | Severity | Details | Exploitability | Impact | Vector |
|---|---|---|---|---|---|---|
| CVE‑2023‑51107 | 2023‑12‑26 15:15:09 | HIGH (8) | A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in functon compute_color() of jquant2.c. NOTE: this is disputed by the supplier because there was not reasonable evidence to determine the existence of a vulnerability or identify the affected product. | 4 | 4 | NETWORK |
| CVE‑2023‑51105 | 2023‑12‑26 15:15:09 | HIGH (8) | A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function bmp_decompress_rle4() of load-bmp.c. | 4 | 4 | NETWORK |
| CVE‑2023‑51104 | 2023‑12‑26 15:15:09 | HIGH (8) | A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function pnm_binary_read_image() of load-pnm.c when span equals zero. | 4 | 4 | NETWORK |
| CVE‑2023‑51103 | 2023‑12‑26 15:15:09 | HIGH (8) | A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in the function fz_new_pixmap_from_float_data() of pixmap.c. | 4 | 4 | NETWORK |
| CVE‑2020‑26683 | 2023‑08‑22 19:16:20 | MEDIUM (6) | A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive information. | 2 | 4 | LOCAL |
| CVE‑2020‑26519 | 2020‑10‑02 06:15:12 | MEDIUM (6) | Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service. | 2 | 4 | LOCAL |
| CVE‑2020‑21896 | 2023‑08‑22 19:16:19 | MEDIUM (6) | A Use After Free vulnerability in svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c in Artifex Software MuPDF 1.16.0 allows remote attackers to cause a denial of service via opening of a crafted PDF file. | 2 | 4 | LOCAL |
| CVE‑2020‑19609 | 2021‑07‑21 15:15:13 | MEDIUM (6) | Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service. | 2 | 4 | LOCAL |
| CVE‑2020‑16600 | 2020‑12‑09 21:15:15 | HIGH (8) | A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previously freed memory instead of a newband_writer. | 2 | 6 | LOCAL |
| CVE‑2019‑7321 | 2019‑06‑13 18:29:01 | HIGH (8) | Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code. | 0 | 0 | NETWORK |
| CVE‑2019‑6131 | 2019‑01‑11 05:29:02 | MEDIUM (4) | svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool. | 0 | 0 | NETWORK |
| CVE‑2019‑6130 | 2019‑01‑11 05:29:02 | MEDIUM (4) | Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c. | 0 | 0 | NETWORK |
| CVE‑2019‑14975 | 2019‑08‑14 13:15:11 | MEDIUM (6) | Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string. | 0 | 0 | NETWORK |
| CVE‑2019‑13290 | 2019‑07‑04 22:15:11 | MEDIUM (7) | Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file. This occurs with a large BDC property name that overflows the allocated size of a display list node. | 0 | 0 | NETWORK |
| CVE‑2018‑6544 | 2018‑02‑02 09:29:01 | MEDIUM (4) | pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document. | 0 | 0 | NETWORK |
| CVE‑2018‑6192 | 2018‑01‑24 21:29:00 | MEDIUM (4) | In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file. | 0 | 0 | NETWORK |
| CVE‑2018‑6187 | 2018‑01‑24 10:29:01 | MEDIUM (4) | In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file. | 0 | 0 | NETWORK |
| CVE‑2018‑19882 | 2018‑12‑06 00:29:00 | MEDIUM (4) | In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl. | 0 | 0 | NETWORK |
| CVE‑2018‑19881 | 2018‑12‑06 00:29:00 | MEDIUM (4) | In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl. | 0 | 0 | NETWORK |
| CVE‑2018‑19777 | 2018‑11‑30 10:29:00 | MEDIUM (4) | In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool. | 0 | 0 | NETWORK |
| CVE‑2018‑18662 | 2018‑10‑26 14:29:03 | MEDIUM (4) | There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool. | 0 | 0 | NETWORK |
| CVE‑2018‑16648 | 2018‑09‑06 23:29:02 | MEDIUM (4) | In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow. | 0 | 0 | NETWORK |
| CVE‑2018‑16647 | 2018‑09‑06 23:29:02 | MEDIUM (4) | In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file. | 0 | 0 | NETWORK |
| CVE‑2018‑100005 | 2018‑02‑09 23:29:02 | MEDIUM (7) | Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF. | 0 | 0 | NETWORK |
| CVE‑2018‑100004 | 2018‑05‑24 13:29:01 | MEDIUM (4) | In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file. | 0 | 0 | NETWORK |
| CVE‑2018‑100003 | 2018‑05‑24 13:29:01 | MEDIUM (6) | In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file. | 3 | 3 | NETWORK |
| CVE‑2017‑7264 | 2017‑03‑26 05:59:00 | MEDIUM (5) | Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document. | 4 | 1 | NETWORK |
| CVE‑2017‑6060 | 2017‑03‑15 14:59:01 | HIGH (8) | Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image. | 2 | 6 | LOCAL |
| CVE‑2017‑5991 | 2017‑02‑15 06:59:01 | HIGH (8) | An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected. | 4 | 4 | NETWORK |
| CVE‑2017‑17866 | 2017‑12‑27 17:08:21 | MEDIUM (7) | pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document. | 0 | 0 | NETWORK |
| CVE‑2017‑17858 | 2018‑01‑22 15:29:00 | MEDIUM (7) | Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted. | 0 | 0 | NETWORK |
| CVE‑2017‑15587 | 2017‑10‑18 08:29:00 | MEDIUM (7) | An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11. | 0 | 0 | NETWORK |
| CVE‑2017‑15369 | 2017‑10‑16 01:29:01 | MEDIUM (7) | The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document. | 0 | 0 | NETWORK |
| CVE‑2017‑14687 | 2017‑09‑22 06:29:00 | MEDIUM (7) | Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name comparisons. | 0 | 0 | NETWORK |
| CVE‑2017‑14686 | 2017‑09‑22 06:29:00 | MEDIUM (7) | Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers. | 0 | 0 | NETWORK |
| CVE‑2017‑14685 | 2017‑09‑22 06:29:00 | MEDIUM (7) | Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xps_load_links_in_glyphs in xps/xps-link.c does not verify that an xps font could be loaded. | 0 | 0 | NETWORK |
| CVE‑2016‑8729 | 2018‑04‑24 19:29:00 | HIGH (8) | An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send to the victim to trigger this vulnerability. | 2 | 6 | LOCAL |
| CVE‑2016‑10247 | 2017‑03‑16 14:59:00 | MEDIUM (6) | Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. | 2 | 4 | LOCAL |
| CVE‑2016‑10246 | 2017‑03‑16 14:59:00 | MEDIUM (6) | Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. | 2 | 4 | LOCAL |
| CVE‑2016‑10221 | 2017‑04‑03 05:59:00 | MEDIUM (4) | The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted PDF document. | 3 | 1 | NETWORK |
View OS-specific patching for:
Windows Mac Linux
Logos, products, trade names, and company names are all the property of their respective trademark holders.
The above listing includes products that Lavawall® monitors through public information and/or proprietary statistical analysis.
Although we do have a partner relationship with some of the listed products and companies, they do not necessarily endorse Lavawall® or have integrations with our systems.