Search CVE reports
31 – 40 of 68 results
Some fixes available 1 of 10
In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file.
1 affected package
mupdf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
mupdf | Not affected | Not affected | Not affected | Fixed |
In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.
1 affected package
mupdf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
mupdf | Not affected | Not affected | Not affected | Vulnerable |
In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.
1 affected package
mupdf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
mupdf | Not affected | Not affected | Not affected | Needs evaluation |
In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file.
1 affected package
mupdf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
mupdf | Not affected | Not affected | Not affected | Needs evaluation |
In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file.
1 affected package
mupdf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
mupdf | Not affected | Not affected | Not affected | Vulnerable |
Some fixes available 1 of 11
In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.
1 affected package
mupdf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
mupdf | Not affected | Not affected | Not affected | Fixed |
Some fixes available 2 of 4
An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential...
2 affected packages
jbig2dec, mupdf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jbig2dec | — | — | Not affected | Not affected |
mupdf | — | — | Not affected | Not affected |
An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause a out of bounds write resulting in heap metadata and sensitive process...
1 affected package
mupdf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
mupdf | — | — | — | Not affected |
Some fixes available 1 of 12
In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file.
1 affected package
mupdf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
mupdf | Not affected | Not affected | Not affected | Fixed |
Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF.
1 affected package
mupdf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
mupdf | Not affected | Not affected | Not affected | Not affected |