Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged
Permalink CVE-2026-3308
created 2 weeks, 4 days ago
CVE-2026-3308

An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdf_load_image_imp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code execution.

Affected products

MuPDF
  • =<1.27.0

Matching in nixpkgs

pkgs.mupdf

Lightweight PDF, XPS, and E-book viewer and toolkit written in portable C

Package maintainers