Description
Affected versions may be vulnerable to CVE-2026-3308, an integer overflow / wraparound issue in pdf_load_image_imp().
A specially crafted PDF with malformed image data can trigger a heap out-of-bounds write during image decoding. This may lead to memory corruption, application crash, or potentially arbitrary code execution.
Reproduction
The issue can be triggered by processing a crafted PDF through normal PyMuPDF PDF/image handling, for example:
import fitz
doc = fitz.open("crafted_file.pdf")
for page in doc:
for image in page.get_images(full=True):
xref = image[0]
pix = fitz.Pixmap(doc, xref)For security reasons, I am not attaching a public PoC file.
Expected Behavior
PyMuPDF should safely reject the malformed PDF or raise a controlled exception without crashing or writing out of bounds.
Environment
- OS: Windows
- Python: 3.12
- PyMuPDF: All versions
References
Description
Affected versions may be vulnerable to CVE-2026-3308, an integer overflow / wraparound issue in
pdf_load_image_imp().A specially crafted PDF with malformed image data can trigger a heap out-of-bounds write during image decoding. This may lead to memory corruption, application crash, or potentially arbitrary code execution.
Reproduction
The issue can be triggered by processing a crafted PDF through normal PyMuPDF PDF/image handling, for example:
For security reasons, I am not attaching a public PoC file.
Expected Behavior
PyMuPDF should safely reject the malformed PDF or raise a controlled exception without crashing or writing out of bounds.
Environment
References