A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through a bug report but has not responded yet.
1.25.1+ds1-5build21.25.1+ds1-61.25.1+ds1-71.25.1+ds1-71.25.1+ds1-7build11.25.1+ds1-7build21.27.0+ds1-2ubuntu11.27.0+ds1-3ubuntu11.27.0+ds1-3ubuntu21.7-11.7a-11.7a-1ubuntu0.1~esm11.11+ds1-1.11.11+ds1-21.12.0+ds1-11.12.0+ds1-1ubuntu0.1~esm11.12.0+ds1-1ubuntu0.1~esm21.15.0+ds1-11.16.1+ds1-1ubuntu11.16.1+ds1-1ubuntu1+esm11.16.1+ds1-1ubuntu1+esm21.17.0+ds1-21.19.0+ds1-11.19.0+ds1-1build11.19.0+ds1-21.19.0+ds1-2ubuntu0.1~esm11.22.2+ds1-21.22.2+ds1-2build11.23.10+ds1-11.23.10+ds1-1build11.23.10+ds1-1build21.23.10+ds1-1build31.23.10+ds1-1ubuntu0.1~esm11.23.6+ds1-11.23.7+ds1-1Exploitability
AV:LAC:LAT:NPR:LUI:NVulnerable System
VC:LVI:NVA:NSubsequent System
SC:NSI:NSA:NCVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P