pymupdf@1.16.0 vulnerabilities

A high performance Python library for data extraction, analysis, conversion & manipulation of PDF (and other) documents.

latest version

1.26.6

first published

8 years ago

latest version published

24 days ago

licenses detected

(AGPL-3.0 OR GPL-3.0)
[1.10.0,1.11.2); [1.14.19,1.18.9)

View pymupdf package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the pymupdf package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Missing Release of Memory after Effective Lifetime PyMuPDF is an A high performance Python library for data extraction, analysis, conversion & manipulation of PDF (and other) documents. Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime through the `/pdf/pdf-font-add.c` component. An attacker can obtain sensitive information by exploiting a memory leak issue. How to fix Missing Release of Memory after Effective Lifetime? Upgrade `PyMuPDF` to version 1.18.0 or higher.	[,1.18.0)
M Uncontrolled Recursion PyMuPDF is an A high performance Python library for data extraction, analysis, conversion & manipulation of PDF (and other) documents. Affected versions of this package are vulnerable to Uncontrolled Recursion when processing a crafted PDF file containing cyclic `/Next` references in the outline structure via the `strip_outline` function. An attacker can cause the application to enter an infinite recursion and crash by submitting a specially crafted PDF file. How to fix Uncontrolled Recursion? Upgrade `PyMuPDF` to version 1.26.0 or higher.	[,1.26.0)

Missing Release of Memory after Effective Lifetime

PyMuPDF is an A high performance Python library for data extraction, analysis, conversion & manipulation of PDF (and other) documents.

Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime through the /pdf/pdf-font-add.c component. An attacker can obtain sensitive information by exploiting a memory leak issue.

How to fix Missing Release of Memory after Effective Lifetime?

Upgrade PyMuPDF to version 1.18.0 or higher.

[,1.18.0)

Uncontrolled Recursion

PyMuPDF is an A high performance Python library for data extraction, analysis, conversion & manipulation of PDF (and other) documents.

Affected versions of this package are vulnerable to Uncontrolled Recursion when processing a crafted PDF file containing cyclic /Next references in the outline structure via the strip_outline function. An attacker can cause the application to enter an infinite recursion and crash by submitting a specially crafted PDF file.

How to fix Uncontrolled Recursion?

Upgrade PyMuPDF to version 1.26.0 or higher.

[,1.26.0)

Go back to all versions of this package