CVE-2020-16600
HIGH7.8EPSS 0.30%Published: 12/9/2020Modified: 4/28/2026
Also known as:DEBIAN-CVE-2020-16600
Description
A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previously freed memory instead of a newband_writer.
Affected packages (1)
- Debian/mupdffrom 0, < 1.17.0+ds1-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |