UBUNTU-CVE-2026-3308
- Source
- https://ubuntu.com/security/CVE-2026-3308
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-3308.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-3308
- Upstream
- Published
- 2026-03-31T14:16:00Z
- Modified
- 2026-05-20T16:25:24.195569094Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdfloadimage_imp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code execution.
- References
-
- https://ubuntu.com/security/CVE-2026-3308
- https://www.cve.org/CVERecord?id=CVE-2026-3308
- https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=a26f0142e7d390d4a82c6e5ae0e312e07cc4ec85
- https://github.com/ArtifexSoftware/mupdf
- https://github.com/ArtifexSoftware/mupdf/commit/a26f0142e7d390d4a82c6e5ae0e312e07cc4ec85
Affected packages
Ubuntu:25.10
mupdf
Package
- Name
- mupdf
- Purl
- pkg:deb/ubuntu/mupdf?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "libmupdf25.1",
"binary_version": "1.25.1+ds1-7"
},
{
"binary_name": "mupdf",
"binary_version": "1.25.1+ds1-7"
},
{
"binary_name": "mupdf-tools",
"binary_version": "1.25.1+ds1-7"
},
{
"binary_name": "python3-mupdf",
"binary_version": "1.25.1+ds1-7"
}
]
}Ubuntu:26.04:LTS
mupdf
Package
- Name
- mupdf
- Purl
- pkg:deb/ubuntu/mupdf?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.25.1+ds1-7
1.25.1+ds1-7build1
1.25.1+ds1-7build2
1.27.0+ds1-2ubuntu1
1.27.0+ds1-3ubuntu1
1.27.0+ds1-3ubuntu2
Ecosystem specific
{
"binaries": [
{
"binary_name": "libmupdf27.0",
"binary_version": "1.27.0+ds1-3ubuntu2"
},
{
"binary_name": "mupdf",
"binary_version": "1.27.0+ds1-3ubuntu2"
},
{
"binary_name": "mupdf-tools",
"binary_version": "1.27.0+ds1-3ubuntu2"
},
{
"binary_name": "python3-mupdf",
"binary_version": "1.27.0+ds1-3ubuntu2"
}
]
}Ubuntu:Pro:16.04:LTS
mupdf
Package
- Name
- mupdf
- Purl
- pkg:deb/ubuntu/mupdf?arch=source&distro=esm-apps%2Fxenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:18.04:LTS
mupdf
Package
- Name
- mupdf
- Purl
- pkg:deb/ubuntu/mupdf?arch=source&distro=esm-apps%2Fbionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.11+ds1-1.1
1.11+ds1-2
1.12.0+ds1-1
1.12.0+ds1-1ubuntu0.1~esm1
1.12.0+ds1-1ubuntu0.1~esm2
Ubuntu:Pro:20.04:LTS
mupdf
Package
- Name
- mupdf
- Purl
- pkg:deb/ubuntu/mupdf?arch=source&distro=esm-apps%2Ffocal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.15.0+ds1-1
1.16.1+ds1-1ubuntu1
1.16.1+ds1-1ubuntu1+esm1
1.16.1+ds1-1ubuntu1+esm2
Ubuntu:Pro:22.04:LTS
mupdf
Package
- Name
- mupdf
- Purl
- pkg:deb/ubuntu/mupdf?arch=source&distro=esm-apps%2Fjammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.17.0+ds1-2
1.19.0+ds1-1
1.19.0+ds1-1build1
1.19.0+ds1-2
1.19.0+ds1-2ubuntu0.1~esm1
Ubuntu:Pro:24.04:LTS
mupdf
Package
- Name
- mupdf
- Purl
- pkg:deb/ubuntu/mupdf?arch=source&distro=esm-apps%2Fnoble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.22.2+ds1-2
1.22.2+ds1-2build1
1.23.6+ds1-1
1.23.7+ds1-1
1.23.10+ds1-1
1.23.10+ds1-1build1
1.23.10+ds1-1build2
1.23.10+ds1-1build3
1.23.10+ds1-1ubuntu0.1~esm1