PT-2024-32098 · Artifex+3 · Mupdf+3
Published
2024-12-10
·
Updated
2025-11-25
·
CVE-2024-46657
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Artifex Software mupdf version 1.24.9
Description
A segmentation fault was discovered in the /tools/pdfextract.c component, allowing attackers to cause a Denial of Service (DoS) via a crafted PDF file. The issue is related to the
pdfextract.c component, but specific details about vulnerable parameters or variables are not provided.Recommendations
For Artifex Software mupdf version 1.24.9, consider avoiding the use of the /tools/pdfextract.c component until a patch is available. As a temporary workaround, restrict access to this component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Linuxmint
Ubuntu
Mupdf