Donate Telegram

CVE-2026-3308

NONE EPSS 0.02%

Mar 31, 2026

Updated Mar 31, 2026

Artifex Software Inc. *Pymupdf*

Parameter	Value
Type	CWE-190 Integer Overflow or Wraparound
Vendor	Artifex Software Inc. Pymupdf
Public PoC	No

An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdf_load_image_imp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code execution.

Weakness Type (CWE)

CWE-190 Integer Overflow or Wraparound

Vulnerable Products

artifex software inc. *pymupdf*:mupdf

References 3

https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=a26f0142e7d3…

https://github.com/ArtifexSoftware/mupdf

https://github.com/ArtifexSoftware/mupdf/commit/a26f0142e7d390d4a82c6e5ae0e312e…

Share Post Share Share Share

CVE Details

CVE ID

CVE-2026-3308

Published Date

Mar 31, 2026

Vendor

Artifex Software Inc. *Pymupdf*

Severity

NONE

Exploit Prediction (EPSS)

Probability of Exploit 0.02%

Likelihood of exploitation in next 30 days

Percentile: 4.7th percentile (higher than 4.7% of all CVEs)

Standard patching cycle

Impact

Minimal impact

Source

Editor's Choice