CVE-2026-3308
Received Received - Intake
Integer Overflow in MuPDF pdf-image.c Enables Code Execution

Publication date: 2026-03-31

Last updated on: 2026-04-21

Assigner: CERT/CC

Description
An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdf_load_image_imp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code execution.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-31
Last Modified
2026-04-21
Generated
2026-06-16
AI Q&A
2026-03-31
EPSS Evaluated
2026-06-14
NVD
CVE-2026-3308
EUVD
EUVD-2026-17412
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
artifex mupdf 1.27.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-3308 is an integer overflow vulnerability in Artifex's MuPDF version 1.27.0, specifically in the function that loads images from PDFs. The vulnerability occurs because the calculation of the number of bytes per source image line (src_stride) uses 32-bit integer arithmetic, which can overflow when multiplying the image width, bit depth, and number of components per pixel.

This overflow can cause incorrect memory operations, leading to a heap out-of-bounds write. An attacker can craft a malicious PDF that triggers this overflow, potentially allowing arbitrary code execution on the affected system.

The issue was fixed by changing the calculation to use 64-bit integer arithmetic, preventing the overflow.

Impact Analysis

This vulnerability can allow an attacker to execute arbitrary code on your system by opening a specially crafted malicious PDF file. This could lead to unauthorized access, data theft, system compromise, or disruption of services.

Because the vulnerability involves a heap out-of-bounds write, it can be exploited to manipulate the program's behavior, potentially giving the attacker control over the affected application or the underlying system.

Detection Guidance

This vulnerability is an integer overflow in the MuPDF library's image loading function. Detection involves identifying if your system is running a vulnerable version of MuPDF, specifically version 1.27.0 or earlier before the fix.

You can check the installed MuPDF version by running the following command on your system:

  • mupdf --version

To detect attempts to exploit this vulnerability, monitor for suspicious PDF files that may trigger the integer overflow in the 'pdf_load_image_imp' function. However, no specific network detection commands or signatures are provided.

Mitigation Strategies

The immediate mitigation step is to update MuPDF to a version that includes the fix for this vulnerability. The fix involves changing the integer arithmetic in the source code to use 64-bit integers to prevent overflow.

If you maintain the MuPDF source code, apply the patch that changes the calculation of 'src_stride' in the 'unpack_stream' function from 32-bit to 64-bit arithmetic as shown in the commit:

  • int src_stride = ((int64_t) w * depth * n + 7) >> 3;

Alternatively, upgrade to the latest MuPDF version from the official repository where this fix is included.

Compliance Impact

The provided information does not specify how the integer overflow vulnerability in MuPDF version 1.27.0 impacts compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3308. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart