Artifex MuPDF 1.14.0

CPE Details

Artifex MuPDF 1.14.0
artifex
mupdf
1.14.0
2019-06-12
09h53 +00:00
2019-06-12
09h53 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:artifex:mupdf:1.14.0:-:*:*:*:*:*:*

Informations

Vendor

artifex

Product

mupdf

Version

1.14.0

Update

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-4216 2022-08-26 13h25 +00:00 A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream.
5.5
Medium
CVE-2021-37220 2021-07-21 19h02 +00:00 MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool draw" input.
5.5
Medium
CVE-2020-19609 2021-07-21 12h10 +00:00 Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service.
5.5
Medium
CVE-2020-16600 2020-12-09 20h06 +00:00 A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previously freed memory instead of a newband_writer.
7.8
High
CVE-2020-26519 2020-10-02 03h34 +00:00 Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service.
5.5
Medium
CVE-2019-14975 2019-08-14 10h46 +00:00 Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string.
7.1
High
CVE-2019-7321 2019-06-13 15h20 +00:00 Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code.
9.8
Critical
CVE-2019-6130 2019-01-11 04h00 +00:00 Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c.
5.5
Medium
CVE-2019-6131 2019-01-11 04h00 +00:00 svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool.
5.5
Medium
CVE-2018-19881 2018-12-05 23h00 +00:00 In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl.
5.5
Medium
CVE-2018-19882 2018-12-05 23h00 +00:00 In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl.
5.5
Medium
CVE-2018-19777 2018-11-30 08h00 +00:00 In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool.
5.5
Medium
CVE-2018-18662 2018-10-26 11h00 +00:00 There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool.
5.5
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.