Memory Leak Vulnerability in MuPDF by Artifex Software
CVE-2020-26683

5.5MEDIUM

Key Information:

Vendor: Artifex
Status: MuPDF
Vendor: CVE Published:; 22 August 2023

What is CVE-2020-26683?

A memory leak vulnerability identified in the /pdf/pdf-font-add.c file of MuPDF version 1.17.0 can be exploited by attackers to extract sensitive information from the system. This flaw poses a significant risk as it may allow unauthorized access to valuable data, emphasizing the need for immediate remediation steps to safeguard user information.

References

https://bugs.ghostscript.com/show_bug.cgi?id=702566

https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/c...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2023
Vulnerability Reserved
Oct 7, 2020