Vulnerability Details CVE-2026-7233
A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through a bug report but has not responded yet.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.8%
CVSS Severity
CVSS v3 Score 3.3
CVSS v2 Score 1.7