Vulnerability Description
An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdf_load_image_imp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code execution.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=a26f0142e7d39
- https://github.com/ArtifexSoftware/mupdf
- https://github.com/ArtifexSoftware/mupdf/commit/a26f0142e7d390d4a82c6e5ae0e312e0
- https://lists.debian.org/debian-lts-announce/2026/04/msg00020.html
- https://www.kb.cert.org/vuls/id/951662
FAQ
What is CVE-2026-3308?
CVE-2026-3308 is a vulnerability with a CVSS score of 7.8 (HIGH). An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdf_load_image_imp' ...
How severe is CVE-2026-3308?
CVE-2026-3308 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-3308?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.