CVE-2026-3308

HIGH 7.8

CVE-2026-3308

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

0th

An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdf_load_image_imp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code execution.

Vendor	artifex software inc. pymupdf
Product	mupdf
Published	Mar 31, 2026
Last Updated	Apr 2, 2026

Stay Ahead of the Next One

Get instant alerts for artifex software inc. pymupdf mupdf

Be the first to know when new high vulnerabilities affecting artifex software inc. *pymupdf* mupdf are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Artifex Software Inc. *PyMuPDF* / MuPDF

0 ≤ 1.27.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/ArtifexSoftware/mupdf/commit/a26f0142e7d390d4a82c6e5ae0e312e07cc4ec85 cgit.ghostscript.com: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=a26f0142e7d390d4a82c6e5ae0e312e07cc4ec85 github.com: https://github.com/ArtifexSoftware/mupdf kb.cert.org: https://www.kb.cert.org/vuls/id/951662

CVE-2026-3308

CVE-2026-3308

Get instant alerts for artifex software inc. *pymupdf* mupdf

Affected Versions

References

Get instant alerts for artifex software inc. pymupdf mupdf