CVE-2026-7233

EUVD-2026-26000
A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through a bug report but has not responded yet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
VulDBCNA
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
artifexmupdf
1.0
CNA
artifexmupdf
1.1
CNA
artifexmupdf
1.2
CNA
artifexmupdf
1.3
CNA
artifexmupdf
1.4
CNA
artifexmupdf
1.5
CNA
artifexmupdf
1.6
CNA
artifexmupdf
1.7
CNA
artifexmupdf
1.8
CNA
artifexmupdf
1.9
CNA
artifexmupdf
1.10
CNA
artifexmupdf
1.11
CNA
artifexmupdf
1.12
CNA
artifexmupdf
1.13
CNA
artifexmupdf
1.14
CNA
artifexmupdf
1.15
CNA
artifexmupdf
1.16
CNA
artifexmupdf
1.17
CNA
artifexmupdf
1.18
CNA
artifexmupdf
1.19
CNA
artifexmupdf
1.20
CNA
artifexmupdf
1.21
CNA
artifexmupdf
1.22
CNA
artifexmupdf
1.23
CNA
artifexmupdf
1.24
CNA
artifexmupdf
1.25
CNA
artifexmupdf
1.26
CNA
artifexmupdf
1.27
CNA
artifexmupdf
1.28.0
CNA
Debian logo
Debian Releases
Debian Product
Codename
mupdf
bookworm
vulnerable
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
vulnerable
sid
vulnerable
trixie
vulnerable
trixie (security)
vulnerable
Common Weakness Enumeration
References
https://artifex.com/
https://bugs.ghostscript.com/show_bug.cgi?id=709328
https://github.com/biniamf/pocs/tree/main/mupdf-cff-indexload-oobread
https://vuldb.com/submit/802590
https://vuldb.com/vuln/359840
https://vuldb.com/vuln/359840/cti