CVE-2026-3308

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MuPDF version 1.27.0

Description An integer overflow exists in the 'pdf-image.c' file within MuPDF version 1.27.0. A specially crafted PDF document can trigger an integer overflow within the pdf load image imp function. This can lead to a heap out-of-bounds write, potentially enabling arbitrary code execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CVE-2026-3308

Affected Products

Mupdf

CVE-2026-3308

Weakness Enumeration

Related Identifiers

Affected Products

References · 14