Vulnerabilities > Artifex > Mupdf > 1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-24 | CVE-2018-1000037 | Improper Input Validation vulnerability in multiple products In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file. | 5.5 |
| 2018-05-24 | CVE-2018-1000036 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file. | 5.5 |
| 2017-12-27 | CVE-2017-17866 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document. | 7.8 |
| 2017-10-16 | CVE-2017-15369 | Use After Free vulnerability in Artifex Mupdf The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document. | 7.8 |
| 2017-02-15 | CVE-2016-8674 | Use After Free vulnerability in Artifex Mupdf The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file. | 5.5 |
| 2017-02-15 | CVE-2017-5896 | Out-of-bounds Read vulnerability in Artifex Mupdf Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image. | 5.5 |
| 2017-02-15 | CVE-2017-5991 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. | 7.5 |
| 2016-09-22 | CVE-2016-6525 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array. | 9.8 |
| 2016-09-22 | CVE-2016-6265 | Use After Free vulnerability in multiple products Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file. | 5.5 |