CVE-2026-7233
Modified Modified - Updated After Analysis
Out-of-Bounds Read in MuPDF CFF Index Handler (Local Exploit

Publication date: 2026-04-28

Last updated on: 2026-05-05

Assigner: VulDB

Description
A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through a bug report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-28
Last Modified
2026-05-05
Generated
2026-06-16
AI Q&A
2026-04-28
EPSS Evaluated
2026-06-14
NVD
CVE-2026-7233
EUVD
EUVD-2026-26000
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
artifex mupdf to 1.27.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability exists in Artifex MuPDF up to version 1.28.0, specifically in the function fz_subset_cff_for_gids within the file subset-cff.c, which is part of the CFF Index Handler component.

The issue causes an out-of-bounds read, meaning the program reads data outside the intended memory boundaries, which can lead to unexpected behavior or crashes.

The attack exploiting this vulnerability can only be executed locally, and the exploit has been publicly disclosed.

Impact Analysis

The vulnerability allows an attacker with local access to cause an out-of-bounds read in the MuPDF software, which may lead to information disclosure or application instability.

Since the attack requires local access and the impact is limited to confidentiality (no integrity or availability impact), the overall risk is low.

Detection Guidance

This vulnerability affects the function fz_subset_cff_for_gids in Artifex MuPDF up to version 1.28.0 and involves an out-of-bounds read that can only be exploited locally.

Detection can be approached by testing the vulnerable MuPDF versions using available proof-of-concept (PoC) code.

A relevant resource is the GitHub repository containing PoC code for this vulnerability, which can be used to verify if your system is vulnerable.

  • Clone or download the PoC from https://github.com/biniamf/pocs/tree/main/mupdf-cff-indexload-oobread
  • Run the PoC against your installed MuPDF binary to check for out-of-bounds read behavior.
  • Use system commands to identify the MuPDF version installed, for example: `mupdf --version` or check package manager info.
Mitigation Strategies

Since the vulnerability can only be exploited locally and involves an out-of-bounds read in MuPDF up to version 1.28.0, immediate mitigation steps include:

  • Restrict local access to systems running vulnerable versions of MuPDF to trusted users only.
  • Monitor and limit execution of MuPDF binaries by untrusted users.
  • Apply any available patches or updates once the vendor responds or releases a fix.
  • Consider using alternative PDF rendering tools until a patch is available.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7233. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart