Vulnerabilities > Artifex > Mupdf > 1.12.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-24 | CVE-2018-1000036 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file. | 5.5 |
| 2018-02-09 | CVE-2018-1000051 | Use After Free vulnerability in multiple products Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. | 7.8 |
| 2018-02-02 | CVE-2018-6544 | Uncontrolled Recursion vulnerability in multiple products pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document. | 5.5 |
| 2018-01-24 | CVE-2018-6192 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file. | 5.5 |
| 2018-01-24 | CVE-2018-6187 | Out-of-bounds Write vulnerability in multiple products In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. | 5.5 |
| 2018-01-22 | CVE-2017-17858 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Artifex Mupdf 1.12.0 Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted. | 7.8 |
| 2018-01-14 | CVE-2018-5686 | Infinite Loop vulnerability in multiple products In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. | 5.5 |
| 2017-12-27 | CVE-2017-17866 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document. | 7.8 |