threat
engine
.sh
Back
·
··:··
Home
/
Product
/
artifex mupdf
Product
artifex mupdf
65 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-7233
<= 1.27.2
A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the f
3.3
LOW
CVE-2026-25556
>= 1.23.0 and <= 1.27.0
MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception o
7.5
HIGH
CVE-2025-55780
>= 1.24.0 and < 1.26.7
A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB d
7.5
HIGH
CVE-2025-46206
<= 1.25.6
An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `m
6.5
MEDIUM
CVE-2024-46657
all versions
Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. This vulnerab
5.5
MEDIUM
CVE-2024-24259
all versions
freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.
7.5
HIGH
CVE-2024-24258
all versions
freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.
7.5
HIGH
CVE-2023-51107
all versions
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in functon compute_color() of jqu
7.5
HIGH
CVE-2023-51106
all versions
A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of lo
7.5
HIGH
CVE-2023-51105
all versions
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function bmp_decompress_rle4()
7.5
HIGH
CVE-2023-51104
all versions
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function pnm_binary_read_image
7.5
HIGH
CVE-2023-51103
all versions
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in the function fz_new_pixmap_fro
7.5
HIGH
CVE-2023-31794
all versions
MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attac
5.5
MEDIUM
CVE-2020-26683
all versions
A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive inform
5.5
MEDIUM
CVE-2020-21896
all versions
A Use After Free vulnerability in svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c in Artifex Software MuPDF 1
5.5
MEDIUM
CVE-2021-4216
< 1.20.0
A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.2
5.5
MEDIUM
CVE-2021-37220
<= 1.18.1
MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size
5.5
MEDIUM
CVE-2020-19609
< 1.18.0
Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing
5.5
MEDIUM
CVE-2021-3407
all versions
A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential con
5.5
MEDIUM
CVE-2020-16600
<= 1.16.1
A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followe
7.8
HIGH
CVE-2020-26519
< 1.18.0
Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of se
5.5
MEDIUM
CVE-2012-5340
all versions
SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF fil
7.8
HIGH
CVE-2019-14975
< 1.16.0
Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does n
7.1
HIGH
CVE-2019-13290
all versions
Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote att
7.8
HIGH
CVE-2019-7321
all versions
Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability
9.8
CRITICAL
CVE-2019-6131
all versions
svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_ru
5.5
MEDIUM
CVE-2019-6130
all versions
Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is relat
5.5
MEDIUM
CVE-2018-19882
all versions
In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_at
5.5
MEDIUM
CVE-2018-19881
all versions
In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xm
5.5
MEDIUM
CVE-2018-19777
all versions
In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutoo
5.5
MEDIUM
CVE-2018-18662
all versions
There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool.
5.5
MEDIUM
CVE-2018-16648
all versions
In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmen
5.5
MEDIUM
CVE-2018-16647
all versions
In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (s
5.5
MEDIUM
CVE-2018-1000040
<= 1.12.0
In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a
5.5
MEDIUM
CVE-2018-1000039
<= 1.12.0
In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitr
6.3
MEDIUM
CVE-2018-1000038
<= 1.12.0
In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an att
7.8
HIGH
CVE-2018-1000037
<= 1.12.0
In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of servic
5.5
MEDIUM
CVE-2018-1000036
<= 1.12.0
In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memor
5.5
MEDIUM
CVE-2016-8729
all versions
An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause
7.8
HIGH
CVE-2016-8728
all versions
An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially
7.8
HIGH
CVE-2018-10289
all versions
In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leve
5.5
MEDIUM
CVE-2018-1000051
all versions
Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible cod
7.8
HIGH
CVE-2018-6544
all versions
pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of
5.5
MEDIUM
CVE-2018-6192
all versions
In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (se
5.5
MEDIUM
CVE-2018-6187
all versions
In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-w
5.5
MEDIUM
CVE-2017-17858
all versions
Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to
7.8
HIGH
CVE-2018-5686
all versions
In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) be
5.5
MEDIUM
CVE-2017-17866
< 1.12.0
pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean ope
7.8
HIGH
CVE-2017-15587
all versions
An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11.
7.8
HIGH
CVE-2017-15369
<= 1.11
The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable
7.8
HIGH
CVE-2017-14687
all versions
Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file
7.8
HIGH
CVE-2017-14686
all versions
Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "
7.8
HIGH
CVE-2017-14685
all versions
Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file
7.8
HIGH
CVE-2016-10221
all versions
The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of servi
4.3
MEDIUM
CVE-2017-7264
all versions
Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex MuPDF 1.10a allows remote attackers t
5.3
MEDIUM
CVE-2016-10247
<= 1.10
Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote
5.5
MEDIUM
CVE-2016-10246
<= 1.10
Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attack
5.5
MEDIUM
CVE-2017-6060
all versions
Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have uns
7.8
HIGH
CVE-2016-8674
<= 1.9a
The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free
5.5
MEDIUM
CVE-2017-5896
<= 1.10
Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a
5.5
MEDIUM
CVE-2017-5991
< 1.11
An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-r
7.5
HIGH
CVE-2016-6525
<= 1.9
Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a den
9.8
CRITICAL
CVE-2016-6265
<= 1.9
Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of
5.5
MEDIUM
CVE-2014-2013
<= 1.3
Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers t
CVE-2011-0341
all versions
Stack-based buffer overflow in the pdfmoz_onmouse function in apps/mozilla/moz_main.c in the MuPDF plug-in 2008.09.02 for Firefox
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin