CVE-2026-3308
Integer Overflow in MuPDF pdf-image.c Enables Code Execution
Publication date: 2026-03-31
Last updated on: 2026-04-21
Assigner: CERT/CC
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| artifex | mupdf | 1.27.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3308 is an integer overflow vulnerability in Artifex's MuPDF version 1.27.0, specifically in the function that loads images from PDFs. The vulnerability occurs because the calculation of the number of bytes per source image line (src_stride) uses 32-bit integer arithmetic, which can overflow when multiplying the image width, bit depth, and number of components per pixel.
This overflow can cause incorrect memory operations, leading to a heap out-of-bounds write. An attacker can craft a malicious PDF that triggers this overflow, potentially allowing arbitrary code execution on the affected system.
The issue was fixed by changing the calculation to use 64-bit integer arithmetic, preventing the overflow.
How can this vulnerability impact me?
This vulnerability can allow an attacker to execute arbitrary code on your system by opening a specially crafted malicious PDF file. This could lead to unauthorized access, data theft, system compromise, or disruption of services.
Because the vulnerability involves a heap out-of-bounds write, it can be exploited to manipulate the program's behavior, potentially giving the attacker control over the affected application or the underlying system.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is an integer overflow in the MuPDF library's image loading function. Detection involves identifying whether your system is running a vulnerable version of MuPDF, specifically version 1.27.0 or any earlier version that predates the fix.
You can check the installed MuPDF version by running the following command on your system:
- mupdf --version
To detect attempts to exploit this vulnerability, monitor for suspicious PDF files that may trigger the integer overflow in the 'pdf_load_image_imp' function. However, no specific network detection commands or signatures are provided.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update MuPDF to a version that includes the fix for this vulnerability. The fix involves changing the integer arithmetic in the source code to use 64-bit integers to prevent overflow.
If you maintain the MuPDF source code, apply the patch that changes the calculation of 'src_stride' in the 'unpack_stream' function from 32-bit to 64-bit arithmetic as shown in the commit:
- int src_stride = ((int64_t) w * depth * n + 7) >> 3;
Alternatively, upgrade to the latest MuPDF version from the official repository where this fix is included.
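As an added illustration (not code from the CVE record or from the MuPDF source), the C below emulates the 32-bit stride arithmetic described in the answers above beside the 64-bit form quoted in the fix, and adds a defensive check that flags inputs where the two disagree; the image dimensions are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>
#include <limits.h>

/* Stride as computed with 32-bit arithmetic (the pre-fix behaviour the CVE
 * describes). Signed overflow is undefined in C, so the wraparound is
 * emulated with uint32_t to keep the result deterministic and portable. */
int32_t stride32(int w, int depth, int n)
{
    uint32_t prod = (uint32_t)w * (uint32_t)depth * (uint32_t)n + 7u;
    return (int32_t)prod >> 3;   /* arithmetic shift, as an int would get */
}

/* Stride as computed by the fixed line quoted on the page: the first operand
 * is widened to int64_t, so the whole product is evaluated in 64 bits. */
int64_t stride64(int w, int depth, int n)
{
    return ((int64_t)w * depth * n + 7) >> 3;
}

/* Defensive check (added here, not part of the fix): returns 1 if the 32-bit
 * result differs from the 64-bit one, or if the 64-bit stride would not fit
 * in the int that the fixed line still stores it into. */
int stride_unsafe(int w, int depth, int n)
{
    int64_t s64 = stride64(w, depth, n);
    return s64 > INT_MAX || s64 != (int64_t)stride32(w, depth, n);
}

int main(void)
{
    /* constructed sample images: {width, bits per component, components} */
    const int cases[][3] = {
        { 1000,       8, 3 },  /* ordinary RGB image: both results agree */
        { 268435456,  8, 4 },  /* 2^28 px wide RGBA: product 2^33 wraps to 7 */
        { INT_MAX,   16, 4 },  /* even the 64-bit stride exceeds INT_MAX */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int w = cases[i][0], d = cases[i][1], n = cases[i][2];
        printf("w=%d depth=%d n=%d  stride32=%d  stride64=%lld  %s\n",
               w, d, n, stride32(w, d, n), (long long)stride64(w, d, n),
               stride_unsafe(w, d, n) ? "OVERFLOW" : "ok");
    }
    return 0;
}
```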
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how the integer overflow vulnerability in MuPDF version 1.27.0 impacts compliance with common standards and regulations such as GDPR or HIPAA.