Artifex MuPDF Integer Overflow Vulnerability in Image Processing Allows Arbitrary Code Execution

Vulnerability

An integer overflow vulnerability has been identified in Artifex MuPDF version 1.27.0, specifically within the 'pdf-image.c' file. The issue arises in the 'pdf_load_image_imp' function, where an attacker can craft a malicious PDF that triggers the overflow. This vulnerability leads to a heap out-of-bounds write, which could be exploited for arbitrary code execution.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system.

Reproduction

The vulnerability can be reproduced by creating a PDF file that exploits the integer overflow in the 'pdf_load_image_imp' function of MuPDF version 1.27.0. This can be done by manipulating the image loading process to cause an overflow in the 'src_stride' calculation, leading to a heap out-of-bounds write.

Remediation

Users can update to the latest version of MuPDF, where this vulnerability has been addressed.
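
For code that performs its own image-size arithmetic, the overflow class described above is avoided by checking every multiplication before the result is used to size a buffer. The following is an added example, not MuPDF's code or its fix; the function names and the stride formula (width x components x bits per component, rounded up to whole bytes) are assumptions made for illustration, and the inputs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Unchecked form (illustrative): 32-bit unsigned arithmetic wraps silently. */
static uint32_t stride_unchecked(uint32_t w, uint32_t n, uint32_t bpc)
{
    return (w * n * bpc + 7u) / 8u;
}

/* Multiply with an overflow test; returns 0 on success, -1 on overflow. */
static int mul_ok(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return -1;
    *out = a * b;
    return 0;
}

/* Checked form: bytes per row = ceil(w * n * bpc / 8), or -1 on overflow. */
static int stride_checked(size_t w, size_t n, size_t bpc, size_t *stride)
{
    size_t bits;
    if (w == 0 || n == 0 || bpc == 0)
        return -1;
    if (mul_ok(w, n, &bits) || mul_ok(bits, bpc, &bits) || bits > SIZE_MAX - 7)
        return -1;
    *stride = (bits + 7) / 8;
    return 0;
}

/* Allocate h rows of the checked stride; NULL if any size overflows. */
static unsigned char *alloc_rows(size_t w, size_t h, size_t n, size_t bpc, size_t *stride)
{
    size_t total;
    if (h == 0 || stride_checked(w, n, bpc, stride) || mul_ok(*stride, h, &total))
        return NULL;
    return calloc(1, total);
}

int main(void)
{
    size_t stride = 0;
    /* Constructed inputs: the first wraps to 0 in 32 bits, the second must be rejected. */
    unsigned char *p = alloc_rows(SIZE_MAX / 2, 4, 4, 8, &stride);
    int ok = stride_unchecked(0x20000000u, 4u, 8u) == 0 && p == NULL;
    free(p);
    return ok ? 0 : 1;
}
```

A wrapped stride of 0 is what makes the later row writes land outside the allocation; the checked path refuses the image before any buffer is sized.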

Added: Mar 31, 2026, 2:20 PM
Updated: Mar 31, 2026, 2:20 PM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 7.5
exploitability: 4.7
remediation: 7.7
relevance: 5.0
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.