{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7233", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-27T17:00:07.970Z", "datePublished": "2026-04-28T06:00:18.874Z", "dateUpdated": "2026-04-28T06:00:18.874Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-28T06:00:18.874Z"}, "title": "Artifex MuPDF CFF Index subset-cff.c fz_subset_cff_for_gids out-of-bounds", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "Out-of-Bounds Read"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "Artifex", "product": "MuPDF", "versions": [{"version": "1.0", "status": "affected"}, {"version": "1.1", "status": "affected"}, {"version": "1.2", "status": "affected"}, {"version": "1.3", "status": "affected"}, {"version": "1.4", "status": "affected"}, {"version": "1.5", "status": "affected"}, {"version": "1.6", "status": "affected"}, {"version": "1.7", "status": "affected"}, {"version": "1.8", "status": "affected"}, {"version": "1.9", "status": "affected"}, {"version": "1.10", "status": "affected"}, {"version": "1.11", "status": "affected"}, {"version": "1.12", "status": "affected"}, {"version": "1.13", "status": "affected"}, {"version": "1.14", "status": "affected"}, {"version": "1.15", "status": "affected"}, {"version": "1.16", "status": "affected"}, {"version": "1.17", "status": "affected"}, {"version": "1.18", "status": "affected"}, {"version": "1.19", "status": "affected"}, {"version": "1.20", "status": "affected"}, {"version": "1.21", "status": "affected"}, {"version": "1.22", "status": "affected"}, {"version": "1.23", "status": "affected"}, {"version": "1.24", "status": "affected"}, {"version": "1.25", "status": "affected"}, {"version": "1.26", "status": "affected"}, {"version": "1.27", "status": "affected"}, {"version": "1.28.0", "status": "affected"}], "cpes": ["cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:*"], "modules": ["CFF Index Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through a bug report but has not responded yet."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-27T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-27T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-27T19:05:15.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "biniam (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/359840", "name": "VDB-359840 | Artifex MuPDF CFF Index subset-cff.c fz_subset_cff_for_gids out-of-bounds", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/359840/cti", "name": "VDB-359840 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/802590", "name": "Submit #802590 | Artifex MuPDF 1.28 Out-of-Bounds Read", "tags": ["third-party-advisory"]}, {"url": "https://bugs.ghostscript.com/show_bug.cgi?id=709328", "tags": ["issue-tracking"]}, {"url": "https://github.com/biniamf/pocs/tree/main/mupdf-cff-indexload-oobread", "tags": ["exploit"]}, {"url": "https://artifex.com/", "tags": ["product"]}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through a bug report but has not responded yet."}], "id": "CVE-2026-7233", "lastModified": "2026-04-28T20:28:03.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 1.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-28T07:16:04.067", "references": [{"source": "cna@vuldb.com", "url": "https://artifex.com/"}, {"source": "cna@vuldb.com", "url": "https://bugs.ghostscript.com/show_bug.cgi?id=709328"}, {"source": "cna@vuldb.com", "url": "https://github.com/biniamf/pocs/tree/main/mupdf-cff-indexload-oobread"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/802590"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/359840"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/359840/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-125"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{"bugzilla": {"description": "mupdf: Artifex MuPDF: Information disclosure due to out-of-bounds read", "id": "2463367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463367"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-125", "details": ["A flaw was found in Artifex MuPDF, specifically within its CFF Index Handler component. A local user could exploit an out-of-bounds read vulnerability in the `fz_subset_cff_for_gids` function. This could allow an attacker to read sensitive information from memory, potentially leading to information disclosure."], "mitigation": {"lang": "en:us", "value": "Users should avoid opening untrusted or malicious PDF documents with applications that utilize the MuPDF library. If the `mupdf` package is not essential for system operation, consider removing it to eliminate the attack surface."}, "name": "CVE-2026-7233", "public_date": "2026-04-28T06:00:18Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-7233\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-7233\nhttps://artifex.com/\nhttps://bugs.ghostscript.com/show_bug.cgi?id=709328\nhttps://github.com/biniamf/pocs/tree/main/mupdf-cff-indexload-oobread\nhttps://vuldb.com/submit/802590\nhttps://vuldb.com/vuln/359840\nhttps://vuldb.com/vuln/359840/cti"], "statement": "This vulnerability is rated as Low impact. The out-of-bounds read in Artifex MuPDF's CFF Index Handler requires local user access to exploit, limiting its potential for widespread impact on Red Hat systems. Successful exploitation could lead to information disclosure from memory.", "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.0,1.28.0]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "MuPDF", "source": "cna", "vendor": "Artifex"}, "product": "mupdf", "vendor": "artifex"}], "analysis": {"en": {"generated_at": "2026-04-28T12:25:37.280622+00:00", "value": {"mitigation_remediation": ["Install the latest MuPDF release that contains the CFF Index handler fix once it becomes available.", "Restrict local execution of MuPDF to trusted users and run the process with least privilege.", "If a patch is not yet available, consider disabling the CFF Index handler or switching to an alternative PDF viewer that does not contain the vulnerability."], "summary": {"action": "Check Update", "impact": "Local out-of-bounds read exposing memory contents"}, "threat_synthesis": {"affected_systems": "Artifex MuPDF, previous to 1.28.0. No other vendors or product variants are mentioned in the advisory, and the flaw is reported only in the subset-cff.c component of the CFF Index Handler.", "description_and_impact": "The vulnerability in Artifex MuPDF up to version 1.28.0 stems from the fz_subset_cff_for_gids function in subset-cff.c, which performs an out-of-bounds read when processing certain PDF documents. This flaw can leak internal memory data and is classified as a buffer over-read (CWE-119) and an out-of-bounds read (CWE-125). The weakness potentially allows a local attacker to read unintended data, but it does not provide a remote code execution path.", "risk_and_exploitability": "The CVSS score of 4.8 indicates moderate severity, and the EPSS score is unavailable, suggesting limited exploitation probability. The flaw requires local execution of the vulnerable binary. The public disclosure indicates the existence of an exploit, but it is confined to users with local access, and it has not been featured in the CISA KEV catalog."}}}}, "created": "2026-04-28T08:30:13.033658+00:00", "updated": "2026-04-28T12:30:31.065477+00:00", "vendors": ["artifex", "artifex$PRODUCT$mupdf"]}