Artifex MuPDF 1.11

CPE Details

Artifex MuPDF 1.11
artifex
mupdf
1.11
2019-06-12
09h53 +00:00
2019-06-12
09h53 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:artifex:mupdf:1.11:*:*:*:*:*:*:*

Informations

Vendor

artifex

Product

mupdf

Version

1.11

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-4216 2022-08-26 13h25 +00:00 A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream.
5.5
Medium
CVE-2021-37220 2021-07-21 19h02 +00:00 MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool draw" input.
5.5
Medium
CVE-2020-19609 2021-07-21 12h10 +00:00 Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service.
5.5
Medium
CVE-2020-16600 2020-12-09 20h06 +00:00 A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previously freed memory instead of a newband_writer.
7.8
High
CVE-2020-26519 2020-10-02 03h34 +00:00 Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service.
5.5
Medium
CVE-2019-14975 2019-08-14 10h46 +00:00 Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string.
7.1
High
CVE-2018-1000036 2018-05-24 11h00 +00:00 In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.
5.5
Medium
CVE-2018-1000037 2018-05-24 11h00 +00:00 In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file.
5.5
Medium
CVE-2018-1000038 2018-05-24 11h00 +00:00 In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file.
7.8
High
CVE-2018-1000039 2018-05-24 11h00 +00:00 In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.
6.3
Medium
CVE-2018-1000040 2018-05-24 11h00 +00:00 In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.
5.5
Medium
CVE-2017-17866 2017-12-23 16h00 +00:00 pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document.
7.8
High
CVE-2017-15587 2017-10-18 06h00 +00:00 An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11.
7.8
High
CVE-2017-15369 2017-10-16 01h00 +00:00 The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document.
7.8
High
CVE-2017-14685 2017-09-22 04h00 +00:00 Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xps_load_links_in_glyphs in xps/xps-link.c does not verify that an xps font could be loaded.
7.8
High
CVE-2017-14686 2017-09-22 04h00 +00:00 Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers.
7.8
High
CVE-2017-14687 2017-09-22 04h00 +00:00 Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name comparisons.
7.8
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.