Mupdf
Out-of-bounds read in Artifex MuPDF up to version 1.28.0 within the CFF Index Handler's fz_subset_cff_for_gids function allows local attackers with low privileges to disclose sensitive information from application memory. The vulnerability requires local access and low privilege level but can be triggered without user interaction; publicly available exploit code exists and the vulnerability remains unpatched as of the last vendor response.
MuPDF mutool fails to sanitize PDF metadata before displaying it in terminal output, allowing local attackers to inject ANSI escape sequences through crafted PDF files. When a user runs mutool info on a malicious PDF, embedded escape codes can clear the terminal and display fabricated text for social engineering attacks such as fake login prompts or spoofed shell commands. This is a low-severity local vulnerability (CVSS 3.3) requiring user interaction, with a vendor-released patch available.
A heap overflow in the MuPDF 1.27.0 PDF parser enables arbitrary code execution when victims open maliciously crafted PDF files. An integer overflow in the pdf_load_image_imp function allows a heap-based buffer overflow through crafted PDF image objects. An upstream fix has been committed (a26f0142e7), but the packaged release version is unconfirmed. The low EPSS probability (0.02%, 4th percentile) indicates theoretical risk without active exploitation campaigns. Exploitation requires local file access and user interaction (opening a malicious PDF), which limits remote attack scenarios but remains viable for phishing and watering-hole attacks.
MuPDF versions 1.23.0 through 1.27.0 are vulnerable to a double-free memory corruption flaw in the display list rendering function that can be triggered through crafted barcode input during exception handling. Applications using MuPDF's barcode decoding feature can crash or potentially experience heap corruption when processing specially crafted files. Public exploit code exists for this vulnerability, and a patch is available.
A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. No vendor patch is available.
An issue in Artifex MuPDF 1.25.6 and 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available and no vendor patch is available.