Vulnerability Database

300,830

Total vulnerabilities in the database

CVE-2016-6525

Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array.

Published: Sep 22, 2016
Updated: Nov 9, 2025
CVE: CVE-2016-6525
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
debian / debian_linux	8.0	8.0.x
artifex / mupdf	-	1.9.x

http://bugs.ghostscript.com/show_bug.cgi?id=696954
http://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e
http://git.ghostscript.com/?p=mupdf.git%3Bh=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e
http://www.debian.org/security/2016/dsa-3655
http://www.openwall.com/lists/oss-security/2016/08/03/8
http://www.securityfocus.com/bid/92266
https://security.gentoo.org/glsa/201702-12

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo