Description
Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code.
References (3)
Core 3
Core References
Patch, Third Party Advisory
https://github.com/ereisr00/bagofbugz/tree/master/MuPDF/700560
Various Sources
https://bugs.ghostscript.com/show_bug.cgi?id=700560
Scores
CVSS v3
9.8
EPSS
0.0227
EPSS Percentile
84.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
CWE-908
Status
published
Products (1)
artifex/mupdf
1.14.0
Published
Jun 13, 2019
Tracked Since
Feb 18, 2026