mupdf is vulnerable to Use After Free
43
Medium Risk
The mupdf crate's PdfAnnotation stores a raw pointer to a MuPDF pdf_annot, and its annotation iterator yields these wrappers without keeping the parent PdfPage alive or taking a reference on the borrowed annotation. Because MuPDF exposes only a non-refcounted back-pointer from an annotation to its page, dropping the page while annotations remain in use, or iterating annotations and dropping the wrappers, frees memory that is still referenced. Processing or rendering a PDF that carries annotations then dereferences freed memory, causing crashes or memory corruption. The fix makes PdfAnnotation hold a ref-counted parent page handle, adds a borrowed-pointer constructor for the iterator, and applies correct refcounting.
You are affected if you are using a version that falls within the vulnerable range and your application iterates or renders PDF annotations.
mupdf is vulnerable to Use After Free in versions 0.0.2 - 0.6.0.
Upgrade the mupdf library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant