Artifex MuPDF 1.14.0

CPE Details

Artifex MuPDF 1.14.0
1.14.0
2019-06-12
09h53 +00:00
2019-06-12
09h53 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:artifex:mupdf:1.14.0:-:*:*:*:*:*:*

Informations

Vendor

artifex

Product

mupdf

Version

1.14.0

Update

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-4216 2022-08-26 13h25 +00:00 A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream.
5.5
Medium
CVE-2021-37220 2021-07-21 19h02 +00:00 MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool draw" input.
5.5
Medium
CVE-2020-19609 2021-07-21 12h10 +00:00 Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service.
5.5
Medium
CVE-2020-16600 2020-12-09 20h06 +00:00 A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previously freed memory instead of a newband_writer.
7.8
High
CVE-2020-26519 2020-10-02 03h34 +00:00 Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service.
5.5
Medium
CVE-2019-14975 2019-08-14 10h46 +00:00 Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string.
7.1
High
CVE-2019-7321 2019-06-13 15h20 +00:00 Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code.
9.8
Critical
CVE-2019-6130 2019-01-11 04h00 +00:00 Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c.
5.5
Medium
CVE-2019-6131 2019-01-11 04h00 +00:00 svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool.
5.5
Medium
CVE-2018-19881 2018-12-05 23h00 +00:00 In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl.
5.5
Medium
CVE-2018-19882 2018-12-05 23h00 +00:00 In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl.
5.5
Medium
CVE-2018-19777 2018-11-30 08h00 +00:00 In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool.
5.5
Medium
CVE-2018-18662 2018-10-26 11h00 +00:00 There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool.
5.5
Medium