CVE-2026-7233

Name
CVE-2026-7233
Description
A vulnerability was found in Artifex MuPDF up to 1.28.0. The affected element is the function fz_subset_cff_for_gids in the file subset-cff.c of the component CFF Index Handler. The manipulation causes an out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be used. The project was informed of the problem early through a bug report but has not responded yet.
NVD Severity
unknown

References

Type URI
Product https://artifex.com/
Exploit https://bugs.ghostscript.com/show_bug.cgi?id=709328
Exploit https://github.com/biniamf/pocs/tree/main/mupdf-cff-indexload-oobread
Exploit https://vuldb.com/submit/802590
Exploit https://vuldb.com/vuln/359840
Permissions Required https://vuldb.com/vuln/359840/cti

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:* mupdf >= None <= 1.27.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
mupdf edge-community 1.27.2-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
mupdf edge-community 1.26.12-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
mupdf edge-community 1.26.11-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
mupdf edge-community 1.26.4-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
mupdf edge-community 1.26.2-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
mupdf edge-community 1.25.6-r2 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
mupdf edge-community 1.25.6-r1 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
mupdf edge-community 1.25.6-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
mupdf edge-community 1.25.5-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
mupdf edge-community 1.25.4-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
mupdf edge-community 1.25.3-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
mupdf edge-community 1.25.2-r1 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
mupdf edge-community 1.25.2-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
mupdf edge-community 1.25.1-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
mupdf edge-community 1.24.10-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
mupdf edge-community 1.18.0-r2 Daniel Sabogal <dsabogalcc@gmail.com> possibly vulnerable
mupdf edge-community 1.18.0-r1 Daniel Sabogal <dsabogalcc@gmail.com> possibly vulnerable
mupdf edge-community 1.17.0-r3 None possibly vulnerable
mupdf edge-community 1.13-r0 None possibly vulnerable
mupdf edge-community 1.11-r1 None possibly vulnerable
mupdf edge-community 1.10a-r2 None possibly vulnerable
mupdf edge-community 1.10a-r1 None possibly vulnerable
mupdf 3.23-community 1.26.11-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable