CVE-2026-7233 | Artifex MuPDF up to 1.28.0 CFF Index subset-cff.c fz_subset_cff_for_gids out-of-bounds (Bug 709328)
A vulnerability marked as problematic has been reported in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read.
The identification of this vulnerability is CVE-2026-7233. The attack can only be executed locally. Furthermore, there is an exploit available.
The project was informed of the problem early through a bug report but has not responded yet.