CVE-2026-7233
⚪ Do wiadomości
Błąd odczytu poza zakresem w Artifex MuPDF umożliwia lokalne ataki.
CVSS
3.3
EPSS
0.0%
Exploit
poc
Vendor
artifex
Opis źródłowy (NVD)
A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through a bug report but has not responded yet.
exploit
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 3.3 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 0.0% |
| Opublikowano (NVD) | 2026-04-28 07:16:04 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-29 17:15:24 UTC |
Referencje
- https://artifex.com/ (cna@vuldb.com) [Product]
- https://bugs.ghostscript.com/show_bug.cgi?id=709328 (cna@vuldb.com) [Exploit, Mitigation, Third Party Advisory]
- https://github.com/biniamf/pocs/tree/main/mupdf-cff-indexload-oobread (cna@vuldb.com) [Exploit]
- https://vuldb.com/submit/802590 (cna@vuldb.com) [Exploit, Mitigation, Third Party Advisory, VDB Entry]
- https://vuldb.com/vuln/359840 (cna@vuldb.com) [Exploit, Mitigation, Third Party Advisory, VDB Entry]
- https://vuldb.com/vuln/359840/cti (cna@vuldb.com) [Permissions Required, VDB Entry]