Vulnerabilities > Artifex > Mupdf
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-11 | CVE-2019-6130 | Range Error vulnerability in Artifex Mupdf 1.14.0 Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. | 5.5 |
| 2018-12-06 | CVE-2018-19882 | NULL Pointer Dereference vulnerability in Artifex Mupdf 1.14.0 In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl. | 5.5 |
| 2018-12-06 | CVE-2018-19881 | Resource Exhaustion vulnerability in Artifex Mupdf 1.14.0 In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl. | 5.5 |
| 2018-11-30 | CVE-2018-19777 | Infinite Loop vulnerability in multiple products In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool. | 5.5 |
| 2018-10-26 | CVE-2018-18662 | Out-of-bounds Read vulnerability in Artifex Mupdf 1.14.0 There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool. | 4.3 |
| 2018-09-06 | CVE-2018-16648 | Improper Validation of Array Index vulnerability in Artifex Mupdf 1.13.0 In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. | 4.3 |
| 2018-09-06 | CVE-2018-16647 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Artifex Mupdf 1.13.0 In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file. | 4.3 |
| 2018-05-24 | CVE-2018-1000040 | Improper Input Validation vulnerability in multiple products In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file. | 5.5 |
| 2018-05-24 | CVE-2018-1000039 | Use After Free vulnerability in Artifex Mupdf In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file. | 7.8 |
| 2018-05-24 | CVE-2018-1000038 | Out-of-bounds Write vulnerability in Artifex Mupdf In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file. | 7.8 |