mupdf

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Lightweight PDF and XPS viewer
Version 1.25.2-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2205 1.18.0-2 1.19.0-1 Medium Fixed
AVG-1602 1.18.0-1 1.18.0-2 Medium Fixed FS#70054
AVG-609 1.12.0-2 1.13.0-1 High Fixed FS#57486
AVG-599 1.12.0-1 1.12.0-2 High Fixed
AVG-458 1.11-4 1.11-5 High Fixed
AVG-220 1.9_a-5 1.10-1 Medium Fixed
AVG-218 1.10_a-2 High Not affected
Issue Group Severity Remote Type Description
CVE-2021-37220 AVG-2205 Medium Yes Arbitrary code execution
MuPDF before version 1.19.0 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table....
CVE-2021-3407 AVG-1602 Medium No Arbitrary code execution
A security issue was found in mupdf 1.18.0. Double free of an object during linearization may lead to memory corruption and other potential consequences.
CVE-2018-1000051 AVG-609 High No Arbitrary code execution
Artifex Mupdf version 1.12.0 contains a use-after-free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack...
CVE-2018-6544 AVG-609 Medium Yes Denial of service
pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows...
CVE-2018-6192 AVG-609 Medium No Denial of service
In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf- xref.c allows remote attackers to cause a denial of service (segmentation violation and...
CVE-2018-6187 AVG-609 Medium No Denial of service
In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf- write.c file. Remote...
CVE-2018-5686 AVG-609 Medium No Denial of service
In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not...
CVE-2017-17858 AVG-599 High No Arbitrary code execution
Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows an attacker to potentially execute arbitrary...
CVE-2017-15587 AVG-458 High No Arbitrary code execution
An integer overflow leading to an out-of-bounds wrte has been found in mupdf <= 1.11. The parsing of a crafted PDF might allow an attacker to write...
CVE-2017-14687 AVG-458 High No Arbitrary code execution
Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file. This occurs because of...
CVE-2017-14686 AVG-458 High No Arbitrary code execution
Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file. This occurs because read_zip_dir_imp in...
CVE-2017-14685 AVG-458 High No Arbitrary code execution
Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file. This occurs because...
CVE-2017-6060 AVG-218 High No Arbitrary code execution
A stack-based buffer overflow has been discovered in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a that allows remote attackers to case a...
CVE-2016-10247 AVG-220 Medium No Denial of service
Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a...
CVE-2016-10246 AVG-220 Medium No Denial of service
Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of...

Advisories

Date Advisory Group Severity Type
09 May 2018 ASA-201805-4 AVG-609 High multiple issues
30 Jan 2018 ASA-201801-27 AVG-599 High arbitrary code execution
01 Nov 2017 ASA-201711-4 AVG-458 High arbitrary code execution