Every CVE whose affected-product data names Artifex Mupdf, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (67)
CVE-2019-7321 — CVSS 9.8 (critical): Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that…
CVE-2016-6525 — CVSS 9.8 (critical): Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of…
CVE-2011-0341 — CVSS 9.3 (critical): Stack-based buffer overflow in the pdfmoz_onmouse function in apps/mozilla/moz_main.c in the MuPDF plug-in 2008.09.02 for Firefox allows…
CVE-2017-17866 — CVSS 7.8 (high): pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation…
CVE-2019-13290 — CVSS 7.8 (high): Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to…
CVE-2017-6060 — CVSS 7.8 (high): Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified…
CVE-2017-14687 — CVSS 7.8 (high): Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related…
CVE-2017-15587 — CVSS 7.8 (high): An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11.
CVE-2017-17858 — CVSS 7.8 (high): Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to…
CVE-2020-16600 — CVSS 7.8 (high): A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a…
CVE-2018-1000038 — CVSS 7.8 (high): In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to…
CVE-2012-5340 — CVSS 7.8 (high): SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file.
CVE-2018-1000051 — CVSS 7.8 (high): Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code…
CVE-2016-8728 — CVSS 7.8 (high): An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted…
CVE-2016-8729 — CVSS 7.8 (high): An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a…
CVE-2017-14685 — CVSS 7.8 (high): Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related…
CVE-2017-14686 — CVSS 7.8 (high): Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode…
CVE-2017-15369 — CVSS 7.8 (high): The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may…
CVE-2025-55780 — CVSS 7.5 (high): A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document…
CVE-2017-5991 — CVSS 7.5 (high): An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c…
CVE-2024-24258 — CVSS 7.5 (high): freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.
CVE-2024-24259 — CVSS 7.5 (high): freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.
CVE-2014-2013 — CVSS 7.5 (high): Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute…
CVE-2023-51103 — CVSS 7.5 (high): A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in the function fz_new_pixmap_from_float_da…
CVE-2023-51104 — CVSS 7.5 (high): A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function pnm_binary_read_image() of…
CVE-2023-51105 — CVSS 7.5 (high): A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function bmp_decompress_rle4() of…
CVE-2023-51106 — CVSS 7.5 (high): A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c…
CVE-2023-51107 — CVSS 7.5 (high): A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in functon compute_color() of jquant2.c…
CVE-2026-25556 — CVSS 7.5 (high): MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs…
CVE-2019-14975 — CVSS 7.1 (high): Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check…
CVE-2025-46206 — CVSS 6.5 (medium): An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool…
CVE-2025-71382 — CVSS 6.5 (medium): MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to…
CVE-2018-1000039 — CVSS 6.3 (medium): In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code…
CVE-2021-37220 — CVSS 5.5 (medium): MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a…
CVE-2016-10246 — CVSS 5.5 (medium): Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to…
CVE-2016-10247 — CVSS 5.5 (medium): Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers…
CVE-2016-6265 — CVSS 5.5 (medium): Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service…
CVE-2016-8674 — CVSS 5.5 (medium): The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and…
CVE-2017-5896 — CVSS 5.5 (medium): Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of…
CVE-2018-1000036 — CVSS 5.5 (medium): In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak)…
CVE-2018-1000037 — CVSS 5.5 (medium): In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert…
CVE-2018-1000040 — CVSS 5.5 (medium): In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial…
CVE-2018-10289 — CVSS 5.5 (medium): In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this…
CVE-2018-16647 — CVSS 5.5 (medium): In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service…
CVE-2018-16648 — CVSS 5.5 (medium): In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation…
CVE-2018-18662 — CVSS 5.5 (medium): There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool.
CVE-2018-19777 — CVSS 5.5 (medium): In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool.
CVE-2018-19881 — CVSS 5.5 (medium): In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c…
CVE-2018-19882 — CVSS 5.5 (medium): In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL…
CVE-2018-5686 — CVSS 5.5 (medium): In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF…
CVE-2018-6187 — CVSS 5.5 (medium): In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c…
CVE-2018-6192 — CVSS 5.5 (medium): In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service…
CVE-2018-6544 — CVSS 5.5 (medium): pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error…
CVE-2019-6130 — CVSS 5.5 (medium): Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to…
CVE-2019-6131 — CVSS 5.5 (medium): svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as…
CVE-2020-19609 — CVSS 5.5 (medium): Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing…
CVE-2020-21896 — CVSS 5.5 (medium): A Use After Free vulnerability in svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c in Artifex Software MuPDF 1.16.0…
CVE-2020-26519 — CVSS 5.5 (medium): Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service.
CVE-2020-26683 — CVSS 5.5 (medium): A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive information.
CVE-2021-3407 — CVSS 5.5 (medium): A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences.
CVE-2021-4216 — CVSS 5.5 (medium): A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1…
CVE-2023-31794 — CVSS 5.5 (medium): MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to…
CVE-2024-46657 — CVSS 5.5 (medium): Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. This vulnerability…
CVE-2017-7264 — CVSS 5.3 (medium): Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex MuPDF 1.10a allows remote attackers to cause a…
CVE-2016-10221 — CVSS 4.3 (medium): The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (stack…
CVE-2026-40505 — CVSS 3.3 (low): MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences…
CVE-2026-7233 — CVSS 3.3 (low): A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file…