VIR Vulnerability Intelligence Relay

CVE-2018-6187

high
Published — · Modified —
CVSS v3
CVSS v2
VIR risk
8.0

Description

In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2018-6187

vendor Authored 2026-05-27

Vendor advisory: arch — https://security.archlinux.org/ASA-201805-4

vendor Authored 2026-05-27

Vendor advisory: arch — https://security.archlinux.org/ASA-201805-5

vendor Authored 2026-05-27

Vendor advisory: arch — https://security.archlinux.org/ASA-201805-7

vendor Authored 2026-05-27

Vendor advisory: arch — https://security.archlinux.org/ASA-201805-6

vendor Authored 2026-05-27

Vendor advisory: arch — https://security.archlinux.org/ASA-201805-12

OS impact
OSVersionStatusFixed in
arch archfixed0.3.3-3
debian debianbookwormfixed1.13.0+ds1-1
debian debianbullseyefixed1.13.0+ds1-1
debian debianforkyfixed1.13.0+ds1-1
debian debiansidfixed1.13.0+ds1-1
debian debiantrixiefixed1.13.0+ds1-1

References

Verify integrity in audit chain (admin only). AS-IS.