Integer Overflow Vulnerability in MuPDF from Artifex Software
CVE-2026-3308

7.8HIGH

Key Information:

Vendor: Artifex Software Inc. *pymuPDF*
Status: MuPDF
Vendor: CVE Published:; 31 March 2026

🔔 Create Artifex Software Inc. *pymuPDF* Vulnerability Alert

What is CVE-2026-3308?

An integer overflow vulnerability exists in the 'pdf-image.c' file of MuPDF, specifically in version 1.27.0. The vulnerability arises when the 'pdf_load_image_imp' function processes a specially crafted PDF file. This flaw enables an attacker to induce an integer overflow, leading to a heap out-of-bounds write. When successfully exploited, it could allow the execution of arbitrary code, posing significant security risks to affected systems.

Affected Version(s)

MuPDF 0 <= 1.27.0

References

https://github.com/ArtifexSoftware/mupdf/commit/a26f0142e...

https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/c...

https://github.com/ArtifexSoftware/mupdf

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 31, 2026
Vulnerability Reserved
Feb 26, 2026

CVE-2026-3308 Data

JSON