This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Artifex First view 2011-05-13
Product Mupdf Last view 2024-02-05
Version Type
Update  
Edition  
Language  
Software Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:artifex:mupdf:1.0:*:*:*:*:*:*:* 22
cpe:2.3:a:artifex:mupdf:1.1:*:*:*:*:iphone_os:*:* 22
cpe:2.3:a:artifex:mupdf:1.2:*:*:*:*:*:*:* 21
cpe:2.3:a:artifex:mupdf:1.1:*:*:*:*:*:*:* 21
cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:* 21
cpe:2.3:a:artifex:mupdf:1.10a:*:*:*:*:*:*:* 20
cpe:2.3:a:artifex:mupdf:1.9:*:*:*:*:*:*:* 20
cpe:2.3:a:artifex:mupdf:1.10:rc1:*:*:*:*:*:* 18
cpe:2.3:a:artifex:mupdf:1.11:*:*:*:*:*:*:* 17
cpe:2.3:a:artifex:mupdf:1.12.0:*:*:*:*:*:*:* 16
cpe:2.3:a:artifex:mupdf:1.14.0:*:*:*:*:*:*:* 13
cpe:2.3:a:artifex:mupdf:1.12.0:-:*:*:*:*:*:* 12
cpe:2.3:a:artifex:mupdf:1.13.0:*:*:*:*:*:*:* 9
cpe:2.3:a:artifex:mupdf:1.15.0:*:*:*:*:*:*:* 7
cpe:2.3:a:artifex:mupdf:1.16.0:-:*:*:*:*:*:* 6
cpe:2.3:a:artifex:mupdf:1.17.0:rc1:*:*:*:*:*:* 5
cpe:2.3:a:artifex:mupdf:1.17.0:-:*:*:*:*:*:* 5
cpe:2.3:a:artifex:mupdf:1.23.4:*:*:*:*:*:*:* 5
cpe:2.3:a:artifex:mupdf:1.18.0:-:*:*:*:*:*:* 3
cpe:2.3:a:artifex:mupdf:1.23.9:*:*:*:*:*:*:* 2
cpe:2.3:a:artifex:mupdf:2008.09.02:*:*:*:*:*:*:* 1
cpe:2.3:a:artifex:mupdf:1.21.1:*:*:*:*:*:*:* 1

Related : CVE

This CPE Product has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.5 2024-02-05 CVE-2024-24259

freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.

7.5 2024-02-05 CVE-2024-24258

freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.

7.5 2023-12-26 CVE-2023-51107

A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function compute_color() of jquant2.c.

7.5 2023-12-26 CVE-2023-51106

A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c when fz_colorspace_n returns zero.

7.5 2023-12-26 CVE-2023-51105

A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function bmp_decompress_rle4() of load-bmp.c.

7.5 2023-12-26 CVE-2023-51104

A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c when span equals zero.

7.5 2023-12-26 CVE-2023-51103

A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function fz_new_pixmap_from_float_data() of pixmap.c.

5.5 2023-10-31 CVE-2023-31794

MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

5.5 2023-08-22 CVE-2020-26683

A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive information.

5.5 2023-08-22 CVE-2020-21896

A Use After Free vulnerability in svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c in Artifex Software MuPDF 1.16.0 allows remote attackers to cause a denial of service via opening of a crafted PDF file.

5.5 2022-08-26 CVE-2021-4216

A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream.

5.5 2021-07-21 CVE-2021-37220

MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool draw" input.

5.5 2021-07-21 CVE-2020-19609

Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service.

5.5 2021-02-23 CVE-2021-3407

A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences.

7.8 2020-12-09 CVE-2020-16600

A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previously freed memory instead of a newband_writer.

5.5 2020-10-02 CVE-2020-26519

Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service.

7.8 2020-01-23 CVE-2012-5340

SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file.

7.1 2019-08-14 CVE-2019-14975

Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string.

7.8 2019-07-04 CVE-2019-13290

Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file. This occurs with a large BDC property name that overflows the allocated size of a display list node.

9.8 2019-06-13 CVE-2019-7321

Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code.

5.5 2019-01-11 CVE-2019-6131

svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool.

5.5 2019-01-11 CVE-2019-6130

Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c.

5.5 2018-12-05 CVE-2018-19882

In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl.

5.5 2018-12-05 CVE-2018-19881

In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl.

5.5 2018-11-30 CVE-2018-19777

In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool.

CWE : Common Weakness Enumeration

% id Name
21% (12) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
19% (11) CWE-787 Out-of-bounds Write
14% (8) CWE-416 Use After Free
10% (6) CWE-369 Divide By Zero
5% (3) CWE-674 Uncontrolled Recursion
5% (3) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
5% (3) CWE-125 Out-of-bounds Read
3% (2) CWE-476 NULL Pointer Dereference
3% (2) CWE-190 Integer Overflow or Wraparound
3% (2) CWE-20 Improper Input Validation
1% (1) CWE-772 Missing Release of Resource after Effective Lifetime
1% (1) CWE-415 Double Free
1% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (1) CWE-129 Improper Validation of Array Index
1% (1) CWE-118 Improper Access of Indexable Resource ('Range Error')

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:24529 DSA-2951-1 mupdf - security update

Open Source Vulnerability Database (OSVDB)

id Description
72177 MuPDF Plugin for Firefox apps/mozilla/moz_main.c pdfmoz_onmouse() Function Ov...

ExploitDB Exploits

id Description
23246 Sumatra 2.1.1/MuPDF 1.0 Integer Overflow

Snort® IPS/IDS

Date Description
2017-02-01 MuPDF Fitz library font glyph scaling code execution vulnerability attempt
RuleID : 41471 - Type : FILE-PDF - Revision : 4
2017-02-01 MuPDF Fitz library font glyph scaling code execution vulnerability attempt
RuleID : 41470 - Type : FILE-PDF - Revision : 4
2017-01-18 Artifex MuPDF JBIG2 negative width value out of bounds read attempt
RuleID : 41225 - Type : FILE-PDF - Revision : 4
2017-01-18 Artifex MuPDF JBIG2 negative width value out of bounds read attempt
RuleID : 41224 - Type : FILE-PDF - Revision : 4

Nessus® Vulnerability Scanner

This CPE Product has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-93558de1ac.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-049dee041d.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201811-15.nasl - Type: ACT_GATHER_INFO
2018-11-05 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4334.nasl - Type: ACT_GATHER_INFO
2018-03-28 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4152.nasl - Type: ACT_GATHER_INFO
2018-02-23 Name: The remote Fedora host is missing a security update.
File: fedora_2018-da6f76b446.nasl - Type: ACT_GATHER_INFO
2018-02-07 Name: The remote Fedora host is missing a security update.
File: fedora_2018-7982ad5f2a.nasl - Type: ACT_GATHER_INFO
2018-02-07 Name: The remote Fedora host is missing a security update.
File: fedora_2018-7151603128.nasl - Type: ACT_GATHER_INFO
2018-01-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-d1213cef30.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-a1ad512b22.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-4c30d86843.nasl - Type: ACT_GATHER_INFO
2017-12-11 Name: The remote Fedora host is missing a security update.
File: fedora_2017-9ae6e39bde.nasl - Type: ACT_GATHER_INFO
2017-12-04 Name: The remote Fedora host is missing a security update.
File: fedora_2017-267f37c544.nasl - Type: ACT_GATHER_INFO
2017-11-27 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-1300.nasl - Type: ACT_GATHER_INFO
2017-11-08 Name: The remote Debian host is missing a security update.
File: debian_DLA-1164.nasl - Type: ACT_GATHER_INFO
2017-10-25 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4006.nasl - Type: ACT_GATHER_INFO
2017-07-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-487051ac16.nasl - Type: ACT_GATHER_INFO
2017-07-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-8150618774.nasl - Type: ACT_GATHER_INFO
2017-06-07 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201706-08.nasl - Type: ACT_GATHER_INFO
2017-05-30 Name: The remote Fedora host is missing a security update.
File: fedora_2017-5135c91b36.nasl - Type: ACT_GATHER_INFO
2017-04-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-2d11503623.nasl - Type: ACT_GATHER_INFO
2017-03-24 Name: The remote Fedora host is missing a security update.
File: fedora_2017-3b97b275da.nasl - Type: ACT_GATHER_INFO
2017-03-08 Name: The remote Fedora host is missing a security update.
File: fedora_2017-9a819664a6.nasl - Type: ACT_GATHER_INFO
2017-03-02 Name: The remote Fedora host is missing a security update.
File: fedora_2017-844445f2aa.nasl - Type: ACT_GATHER_INFO
2017-03-01 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3797.nasl - Type: ACT_GATHER_INFO