Back to CVE List

CVE-2026-40505

LOW SEVERITY

CVSS Score & Metrics

Base Score
3.3 / 10
Vector String
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Vulnerability Description

MuPDF mutool does not sanitize PDF metadata fields before writing them to terminal output, allowing attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to the terminal when running mutool info, enabling them to clear the terminal display and render arbitrary text for social engineering attacks such as presenting fake prompts or spoofed commands.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-150
Source
NVD
Vendor
Artifex Software Inc.
Product
MuPDF

External References

Discussion (0)

Add Comment

No comments yet. Be the first!