Tor Andersson

8 exploits Active since Apr 2019
CVE-2025-71382 WRITEUP MEDIUM WRITEUP
MuPDF < 1.27.0-rc1 Stack Exhaustion DoS via EPUB CSS Rendering
MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by supplying a maliciously crafted EPUB file with deeply nested HTML elements and inline CSS styles. The function value_from_inheritable_property() in css-apply.c recurses through the CSS property inheritance chain without a depth limit, exhausting the process stack and causing a crash in any application using MuPDF for EPUB rendering.
CVSS 6.5
CVE-2022-44789 WRITEUP HIGH WRITEUP
Artifex MuJS 1.0.0-1.3.x - Remote Code Execution via Crafted JavaScript File
A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.
CVSS 8.8
CVE-2026-40505 WRITEUP LOW WRITEUP
MuPDF mutool ANSI Injection via Metadata
MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running mutool info, enabling them to manipulate terminal display for social engineering attacks such as presenting fake prompts or spoofed commands.
CVSS 3.3
CVE-2019-11411 WRITEUP CRITICAL WRITEUP
Artifex MuJS <1.0.5 - Buffer Overflow
An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() and numtostr implementations in jsnumber.c have a stack-based buffer overflow.
CVSS 9.8
CVE-2019-11412 WRITEUP HIGH WRITEUP
Artifex MuJS 1.0.5 - Denial of Service via Missing ENDTRY Opcode
An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a denial of service (invalid stack-frame jump) because it lacks an ENDTRY opcode call.
CVSS 7.5
CVE-2019-11413 WRITEUP HIGH WRITEUP
Artifex MuJS 1.0.5 - Buffer Overflow
An issue was discovered in Artifex MuJS 1.0.5. It has unlimited recursion because the match function in regexp.c lacks a depth check.
CVSS 7.5
CVE-2021-33796 WRITEUP CRITICAL WRITEUP
MuJS < 1.1.2 - Use-After-Free in Regexp Source Property Access
In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service.
CVSS 10.0
CVE-2021-33797 WRITEUP CRITICAL WRITEUP
Artifex MuJS 1.0.1-1.1.1 - Buffer Overflow in jsdtoa.c
Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1. An integer overflow happens when js_strtod() reads in floating point exponent, which leads to a buffer overflow in the pointer *d.
CVSS 9.8