{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3308", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "state": "PUBLISHED", "assignerShortName": "certcc", "dateReserved": "2026-02-26T21:04:05.303Z", "datePublished": "2026-03-31T13:13:12.088Z", "dateUpdated": "2026-04-21T09:32:51.075Z"}, "containers": {"cna": {"title": "CVE-2026-3308", "descriptions": [{"lang": "en", "value": "An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdf_load_image_imp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code execution."}], "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Artifex Software Inc. *PyMuPDF*", "product": "MuPDF", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "1.27.0", "versionType": "custom"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "references": [{"url": "https://github.com/ArtifexSoftware/mupdf/commit/a26f0142e7d390d4a82c6e5ae0e312e07cc4ec85"}, {"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=a26f0142e7d390d4a82c6e5ae0e312e07cc4ec85"}, {"url": "https://github.com/ArtifexSoftware/mupdf"}], "x_generator": {"engine": "VINCE 3.0.35", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-3308"}, "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-03-31T13:13:12.088Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-190", "lang": "en", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T14:47:30.846054Z", "id": "CVE-2026-3308", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T14:48:14.433Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://www.kb.cert.org/vuls/id/951662"}, {"url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00020.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-21T09:32:51.075Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.kb.cert.org/vuls/id/951662"}, {"url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00020.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-21T09:32:51.075Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-3308", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-01T14:47:30.846054Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T14:45:57.255Z"}}], "cna": {"title": "CVE-2026-3308", "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Artifex Software Inc. *PyMuPDF*", "product": "MuPDF", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.27.0"}]}], "references": [{"url": "https://github.com/ArtifexSoftware/mupdf/commit/a26f0142e7d390d4a82c6e5ae0e312e07cc4ec85"}, {"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=a26f0142e7d390d4a82c6e5ae0e312e07cc4ec85"}, {"url": "https://github.com/ArtifexSoftware/mupdf"}], "x_generator": {"env": "prod", "engine": "VINCE 3.0.35", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-3308"}, "descriptions": [{"lang": "en", "value": "An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdf_load_image_imp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code execution."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-03-31T13:13:12.088Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3308", "state": "PUBLISHED", "dateUpdated": "2026-04-21T09:32:51.075Z", "dateReserved": "2026-02-26T21:04:05.303Z", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "datePublished": "2026-03-31T13:13:12.088Z", "assignerShortName": "certcc"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdf_load_image_imp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code execution."}], "id": "CVE-2026-3308", "lastModified": "2026-04-21T10:16:30.430", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-31T14:16:12.560", "references": [{"source": "cret@cert.org", "url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=a26f0142e7d390d4a82c6e5ae0e312e07cc4ec85"}, {"source": "cret@cert.org", "url": "https://github.com/ArtifexSoftware/mupdf"}, {"source": "cret@cert.org", "url": "https://github.com/ArtifexSoftware/mupdf/commit/a26f0142e7d390d4a82c6e5ae0e312e07cc4ec85"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.kb.cert.org/vuls/id/951662"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.27.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "MuPDF", "source": "cna", "vendor": "Artifex Software Inc. *PyMuPDF*"}, "product": "mupdf", "vendor": "artifex"}], "analysis": {"en": {"generated_at": "2026-04-02T22:42:46.718157+00:00", "value": {"mitigation_remediation": ["Update MuPDF to the latest version that includes the integer overflow fix.", "If upgrading immediately is not feasible, segregate environments that process PDFs from trusted sources or temporarily block untrusted PDF input."], "summary": {"action": "Immediate Patch", "impact": "Arbitrary code execution via heap out\u2011of\u2011bounds write"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Artifex Software Inc.\u2019s MuPDF (also known as PyMuPDF) at version 1.27.0. Systems that rely on this specific release to render or manipulate PDF documents are susceptible to the overflow; no other versions or products are listed as affected in the current advisory.", "description_and_impact": "An integer overflow occurs in the pdf_image.c component of MuPDF version 1.27.0 when processing a PDF image. The overflow allows data to be written beyond the intended heap buffer within the pdf_load_image_imp function, potentially corrupting adjacent memory and yielding an arbitrary code execution path for the process that has access to the MuPDF library. The weakness is classified as CWE\u2011190, integer overflow.", "risk_and_exploitability": "The CVSS score of 7.8 indicates high severity, while an EPSS score below 1% suggests a low short\u2011term exploitation probability. The vulnerability is not present in the CISA KEV catalog, meaning no widespread attacks have been reported. The attack likely requires delivery of a malicious PDF to a MuPDF instance, which can occur locally or during remote download; exploitation would need the vulnerable binary to run with sufficient privileges to compromise the system context."}}}}, "created": "2026-03-31T19:54:46.238424+00:00", "title": "Integer Overflow in MuPDF Leading to Heap Out\u2011of\u2011Bounds Write and Potential Code Execution", "updated": "2026-04-03T09:19:32.320786+00:00", "vendors": ["artifex", "artifex$PRODUCT$mupdf"]}