Vulnerabilities > Artifex > Mupdf > 1.10

DATE CVE VULNERABILITY TITLE RISK
2021-07-21 CVE-2021-37220 Out-of-bounds Write vulnerability in multiple products
MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table.
local
low complexity
artifex fedoraproject CWE-787
5.5
5.5
2021-07-21 CVE-2020-19609 Out-of-bounds Write vulnerability in multiple products
Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service.
local
low complexity
artifex debian CWE-787
5.5
5.5
2020-12-09 CVE-2020-16600 Use After Free vulnerability in Artifex Mupdf
A Use After Free vulnerability exists in Artifex Software, Inc.
local
low complexity
artifex CWE-416
7.8
7.8
2020-10-02 CVE-2020-26519 Out-of-bounds Write vulnerability in multiple products
Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service.
local
low complexity
artifex debian fedoraproject CWE-787
5.5
5.5
2019-08-14 CVE-2019-14975 Out-of-bounds Read vulnerability in Artifex Mupdf
Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string.
local
low complexity
artifex CWE-125
7.1
7.1
2018-05-24 CVE-2018-1000040 Improper Input Validation vulnerability in multiple products
In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.
local
low complexity
artifex debian CWE-20
5.5
5.5
2018-05-24 CVE-2018-1000039 Use After Free vulnerability in Artifex Mupdf
In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.
local
low complexity
artifex CWE-416
7.8
7.8
2018-05-24 CVE-2018-1000038 Out-of-bounds Write vulnerability in Artifex Mupdf
In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file.
local
low complexity
artifex CWE-787
7.8
7.8
2018-05-24 CVE-2018-1000037 Improper Input Validation vulnerability in multiple products
In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file.
local
low complexity
artifex debian CWE-20
5.5
5.5
2018-05-24 CVE-2018-1000036 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file. 		4.3
4.3