Shodan
Vulnerabilities
Vulnerable Software
Artifex:  >> Mupdf  Security Vulnerabilities
CVE-2018-19777
In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool.
CVSS Score
5.5
EPSS Score
0.003
Published
2018-11-30
CVE-2018-18662
There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool.
CVSS Score
5.5
EPSS Score
0.003
Published
2018-10-26
CVE-2018-16647
In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file.
CVSS Score
5.5
EPSS Score
0.003
Published
2018-09-06
CVE-2018-16648
In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow.
CVSS Score
5.5
EPSS Score
0.001
Published
2018-09-06
CVE-2018-1000040
In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.
CVSS Score
5.5
EPSS Score
0.003
Published
2018-05-24
CVE-2018-1000036
In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.
CVSS Score
5.5
EPSS Score
0.003
Published
2018-05-24
CVE-2018-1000037
In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file.
CVSS Score
5.5
EPSS Score
0.003
Published
2018-05-24
CVE-2018-1000038
In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file.
CVSS Score
7.8
EPSS Score
0.009
Published
2018-05-24
CVE-2018-1000039
In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.
CVSS Score
7.8
EPSS Score
0.007
Published
2018-05-24
CVE-2016-8728
An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause a out of bounds write resulting in heap metadata and sensitive process memory corruption leading to potential code execution. Victim needs to open the specially crafted file in a vulnerable reader in order to trigger this vulnerability.
CVSS Score
8.6
EPSS Score
0.003
Published
2018-04-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved