Main Vulnerability Database SB2023082255

SB2023082255 - Remote code execution in Artifex Software MuPDF

Published: August 22, 2023 Updated: October 17, 2025

Security Bulletin ID SB2023082255

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Use-after-free (CVE-ID: CVE-2020-21896)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the svg_dev_text_span_as_paths_defs() function in source/fitz/svg-device.c when handling PDF files. A remote attacker can pass specially crafted input to the application and compromise the affected system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Remediation

Install update from vendor's website.

References

http://www.ghostscript.com/cgi-bin/findgit.cgi?8719e07834d6a72b6b4131539e49ed1e8e2ff79e
https://bugs.ghostscript.com/show_bug.cgi?id=701294