Known Vulnerabilities for Mupdf by Artifex
Listed below are 10 of the newest known vulnerabilities associated with "Mupdf" by "Artifex".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-3308 | An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft ... | Not Provided | 2026-03-31 | 2026-04-01 |
| CVE-2021-37220 | MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key... | 5.5 - MEDIUM | 2021-07-21 | 2023-11-07 |
| CVE-2021-3407 | A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potentia... | 5.5 - MEDIUM | 2021-02-23 | 2023-02-12 |
| CVE-2020-26683 | A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive i... | 5.5 - MEDIUM | 2023-08-22 | 2023-08-28 |
| CVE-2020-26519 | Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial ... | 5.5 - MEDIUM | 2020-10-02 | 2023-11-07 |
| CVE-2020-21896 | A Use After Free vulnerability in svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c in Artifex Software Mu... | 5.5 - MEDIUM | 2023-08-22 | 2023-08-25 |
| CVE-2020-19609 | Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files all... | 5.5 - MEDIUM | 2021-07-21 | 2023-11-07 |
| CVE-2020-16600 | A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was fo... | 7.8 - HIGH | 2020-12-09 | 2023-11-07 |
| CVE-2019-7321 | Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerabi... | 9.8 - CRITICAL | 2019-06-13 | 2020-08-24 |
| CVE-2019-6131 | svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and s... | 5.5 - MEDIUM | 2019-01-11 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Artifex | Mupdf | 2009.02.23 | All | All | All |
| Application | Artifex | Mupdf | 2008.09.02 | All | All | All |
| Application | Artifex | Mupdf | 1.9a | All | All | All |
| Application | Artifex | Mupdf | 1.9 | All | All | All |
| Application | Artifex | Mupdf | 1.9 | rc1 | All | All |
| Application | Artifex | Mupdf | 1.9 | - | All | All |
| Application | Artifex | Mupdf | 1.9 | All | All | All |
| Application | Artifex | Mupdf | 1.8.1 | All | All | All |
| Application | Artifex | Mupdf | 1.8 | rc1 | All | All |
| Application | Artifex | Mupdf | 1.8 | - | All | All |
| Application | Artifex | Mupdf | 1.7a | All | All | All |
| Application | Artifex | Mupdf | 1.7.1 | All | All | All |
| Application | Artifex | Mupdf | 1.7 | - | All | All |
| Application | Artifex | Mupdf | 1.7 | All | All | All |
| Application | Artifex | Mupdf | 1.7 | rc1 | All | All |
| Application | Artifex | Mupdf | 1.6 | All | All | All |
| Application | Artifex | Mupdf | 1.6 | All | All | All |
| Application | Artifex | Mupdf | 1.5 | All | All | All |
| Application | Artifex | Mupdf | 1.5 | All | All | All |
| Application | Artifex | Mupdf | 1.4 | All | All | All |