Young_X

**Name of the Vulnerable Software and Affected Versions** Artifex MuPDF version 1.12.0 **Description** The issue is a heap-based buffer overflow in the `do pdf save document` function, located in the `pdf/pdf-write.c` file. This can be exploited by remote attackers using a crafted pdf file to cause a denial of service. **Recommendations** For Artifex MuPDF version 1.12.0, consider restricting access to the `do pdf save document` function until a patch is available. As a temporary workaround, avoid processing crafted pdf files that could trigger the buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Artifex MuPDF version 1.12.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in a segmentation violation and application crash, via a crafted pdf file. This is due to a problem in the `pdf read new xref` function in `pdf/pdf-xref.c`. **Recommendations** For Artifex MuPDF version 1.12.0, consider avoiding the use of the `pdf read new xref` function until a patch is available. As a temporary workaround, restrict the processing of crafted pdf files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** jbig2dec version 0.13 **Description** The issue is related to a NULL pointer dereference in the `jbig2 huffman get` function in `jbig2 huffman.c`. This can cause a crash, such as a segmentation fault, when parsing an invalid file. For example, the jbig2dec utility will crash when encountering such a file. The exploitation of this issue may allow a remote attacker to cause a denial of service. **Recommendations** For version 0.13, consider updating to a newer version that addresses this issue, as the current version is affected by the NULL pointer dereference in the `jbig2 huffman get` function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.