Ghostwire

CVE-2026-7233: A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function...

LOW CVSS 3.3 Exploit Available

Published: April 28, 2026 | Last Modified: April 28, 2026

Description

A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through a bug report but has not responded yet.

Ghostwire Analysis — What This Means Practically

Exploit code is reported to be available, increasing the likelihood of active exploitation.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (1 articles)

References

artifex.com/
bugs.ghostscript.com/show_bug.cgi?id=709328
github.com/biniamf/pocs/tree/main/mupdf-cff-indexload-oobread
vuldb.com/submit/802590
vuldb.com/vuln/359840
vuldb.com/vuln/359840/cti
www.tenable.com/cve/CVE-2026-7233
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-7233