CVE-2026-7233
Out-of-Bounds Read in MuPDF CFF Index Handler (Local Exploit
Publication date: 2026-04-28
Last updated on: 2026-05-05
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| artifex | mupdf | to 1.27.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability exists in Artifex MuPDF up to version 1.28.0, specifically in the function fz_subset_cff_for_gids within the file subset-cff.c, which is part of the CFF Index Handler component.
The issue causes an out-of-bounds read, meaning the program reads data outside the intended memory boundaries, which can lead to unexpected behavior or crashes.
The attack exploiting this vulnerability can only be executed locally, and the exploit has been publicly disclosed.
How can this vulnerability impact me? :
The vulnerability allows an attacker with local access to cause an out-of-bounds read in the MuPDF software, which may lead to information disclosure or application instability.
Since the attack requires local access and the impact is limited to confidentiality (no integrity or availability impact), the overall risk is low.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects the function fz_subset_cff_for_gids in Artifex MuPDF up to version 1.28.0 and involves an out-of-bounds read that can only be exploited locally.
Detection can be approached by testing the vulnerable MuPDF versions using available proof-of-concept (PoC) code.
A relevant resource is the GitHub repository containing PoC code for this vulnerability, which can be used to verify if your system is vulnerable.
- Clone or download the PoC from https://github.com/biniamf/pocs/tree/main/mupdf-cff-indexload-oobread
- Run the PoC against your installed MuPDF binary to check for out-of-bounds read behavior.
- Use system commands to identify the MuPDF version installed, for example: `mupdf --version` or check package manager info.
What immediate steps should I take to mitigate this vulnerability?
Since the vulnerability can only be exploited locally and involves an out-of-bounds read in MuPDF up to version 1.28.0, immediate mitigation steps include:
- Restrict local access to systems running vulnerable versions of MuPDF to trusted users only.
- Monitor and limit execution of MuPDF binaries by untrusted users.
- Apply any available patches or updates once the vendor responds or releases a fix.
- Consider using alternative PDF rendering tools until a patch is available.