PyMuPDF
Monthly
Heap overflow in MuPDF 1.27.0 PDF parser enables arbitrary code execution when victims open maliciously crafted PDF files. Integer overflow in pdf_load_image_imp function allows heap-based buffer overflow through crafted PDF image objects. Upstream fix committed (a26f0142e7) but packaged release version unconfirmed. EPSS probability low (0.02%, 4th percentile) indicates theoretical risk without active exploitation campaigns. Requires local file access and user interaction (opening malicious PDF), limiting remote attack scenarios but viable for phishing/watering hole attacks.
PyMuPDF versions up to 1.26.5 allow unauthenticated remote attackers to write arbitrary files to the system through path traversal in the embedded get function. This vulnerability enables denial of service attacks and potential system compromise without requiring authentication or user interaction. No patch is currently available.
Heap overflow in MuPDF 1.27.0 PDF parser enables arbitrary code execution when victims open maliciously crafted PDF files. Integer overflow in pdf_load_image_imp function allows heap-based buffer overflow through crafted PDF image objects. Upstream fix committed (a26f0142e7) but packaged release version unconfirmed. EPSS probability low (0.02%, 4th percentile) indicates theoretical risk without active exploitation campaigns. Requires local file access and user interaction (opening malicious PDF), limiting remote attack scenarios but viable for phishing/watering hole attacks.
PyMuPDF versions up to 1.26.5 allow unauthenticated remote attackers to write arbitrary files to the system through path traversal in the embedded get function. This vulnerability enables denial of service attacks and potential system compromise without requiring authentication or user interaction. No patch is currently available.