Home / Vulnerability Intelligence / CVE-2026-7233

CVE-2026-7233 - Vulnerability Analysis

LowCVSS: 3.3

Last Updated: April 29, 2026

Artifex MuPDF - Out of Bounds Read

Published: April 28, 2026Updated: April 29, 2026PoC Available

Overview

Artifex MuPDF <= 1.28.0 contains an out-of-bounds read caused by improper handling in fz_subset_cff_for_gids function in CFF Index Handler, letting local attackers read memory out-of-bounds, exploit requires local access.

Severity & Score

Severity: Low

CVSS Score: 3.3

Impact

Local attackers can read out-of-bounds memory, potentially exposing sensitive information or causing application crashes.

Mitigation

Update to the latest version of Artifex MuPDF.

References

https://bugs.ghostscript.com/show_bug.cgi?id=709328
https://github.com/biniamf/pocs/tree/main/mupdf-cff-indexload-oobread
https://vuldb.com/submit/802590
https://vuldb.com/vuln/359840
https://vuldb.com/vuln/359840/cti
https://artifex.com/

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-7233
Severity: Low
CVSS Score: 3.3
Type: out_of_bounds_rw
Status: confirmed

CWE

CWE-119

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N