VU#951662: MuPDF by Artifex co... Note

VU#951662: MuPDF by Artifex contains integer overflow vulnerability.

MuPDF versions up to 1.27.0 are vulnerable to an integer overflow, identified as CVE-2026-3308. This vulnerability resides within the pdf_load_image_imp function, which handles image data processing in PDF files. An attacker can craft a malicious PDF to trigger the overflow by providing specially crafted image parameters. This overflow leads to incorrect memory allocation, specifically when calculating the image's buffer size. Consequently, the fz_unpack_stream function writes beyond the buffer's bounds during image decoding. This heap out-of-bounds write can result in application crashes or, potentially, arbitrary code execution. Any system automatically processing or rendering untrusted PDFs using MuPDF may be affected. Due to the vendor's unavailability, no official patch is currently available. Users should avoid processing untrusted PDF files where possible. Isolating PDF rendering in a sandboxed process is recommended as a mitigation. A pull request that includes the fix is available. This vulnerability was reported by Yarden Porat from Cyata.