Vulnerabilities > Artifex > Mupdf > 1.14.0

DATE CVE VULNERABILITY TITLE RISK
2021-07-21 CVE-2021-37220 Out-of-bounds Write vulnerability in multiple products
MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table.
local
low complexity
artifex fedoraproject CWE-787
5.5
5.5
2021-07-21 CVE-2020-19609 Out-of-bounds Write vulnerability in multiple products
Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service.
local
low complexity
artifex debian CWE-787
5.5
5.5
2020-12-09 CVE-2020-16600 Use After Free vulnerability in Artifex Mupdf
A Use After Free vulnerability exists in Artifex Software, Inc.
local
low complexity
artifex CWE-416
7.8
7.8
2020-10-02 CVE-2020-26519 Out-of-bounds Write vulnerability in multiple products
Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service.
local
low complexity
artifex debian fedoraproject CWE-787
5.5
5.5
2019-08-14 CVE-2019-14975 Out-of-bounds Read vulnerability in Artifex Mupdf
Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string.
local
low complexity
artifex CWE-125
7.1
7.1
2019-06-13 CVE-2019-7321 Use of Uninitialized Resource vulnerability in Artifex Mupdf 1.14.0
Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code.
network
low complexity
artifex CWE-908
7.5
7.5
2019-01-11 CVE-2019-6131 Uncontrolled Recursion vulnerability in Artifex Mupdf 1.14.0
svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool.
local
low complexity
artifex CWE-674
5.5
5.5
2019-01-11 CVE-2019-6130 Range Error vulnerability in Artifex Mupdf 1.14.0
Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool.
local
low complexity
artifex CWE-118
5.5
5.5
2018-12-06 CVE-2018-19882 NULL Pointer Dereference vulnerability in Artifex Mupdf 1.14.0
In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl.
local
low complexity
artifex CWE-476
5.5
5.5
2018-12-06 CVE-2018-19881 Resource Exhaustion vulnerability in Artifex Mupdf 1.14.0
In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl.
local
low complexity
artifex CWE-400
5.5
5.5