In Artifex MuPDF 1.13.0, the fzappendbyte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdfdevalpha array-index underflow.
{ "urgency": "not yet assigned" }