Mupdf
This hub aggregates every CVE we track for Mupdf, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
68
CVEs tracked
3
Critical
29
High
0
In CISA KEV
Severity distribution
MEDIUM34HIGH29CRITICAL3LOW2
Monthly trend
0
0
0
0
0
1
0
0
0
0
0
0
0
1
1
0
0
0
0
2
1
2
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Mupdf.
- CVE-2026-7233Artifex MuPDF CFF Index subset-cff.c fz_subset_cff_for_gids out-of-bounds3.3
- CVE-2026-40505MuPDF < 1.27 mutool ANSI Injection via Metadata3.3
- CVE-2026-3308CVE-2026-33087.8
- CVE-2025-15569Artifex MuPDF win_main.c get_system_dpi uncontrolled search path7.0
- CVE-2026-25556MuPDF 1.23.0 through 1.27.0 Barcode Decoding Double Free7.5
- CVE-2025-55780A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow() to s...7.5
- CVE-2025-46206An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. When processing a crafted PDF file containing...6.5
- CVE-2024-46657Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a cra...5.5
- CVE-2024-24259freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.7.5
- CVE-2024-24258freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.7.5
- CVE-2023-51105A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function bmp_decompress_rle4() of load-bmp.c.7.5
- CVE-2023-51103A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in the function fz_new_pixmap_from_float_data() of pixmap.c.7.5
- CVE-2023-51107A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in functon compute_color() of jquant2.c. NOTE: this is disputed by the supplier because there was no...7.5
- CVE-2023-51104A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function pnm_binary_read_image() of load-pnm.c when span equals zero.7.5
- CVE-2023-51106A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c when fz_colorspace_n returns zero.7.5
Product normalization is registry-driven with AI assist and human review. How it works