CVE-2024-46657 – CVE-2024-46657 is a buffer overflow vulnerabili... (How to Fix)

Q: What is the severity of CVE-2024-46657?

CVE-2024-46657 has a CVSS score of 5.5 (MEDIUM). CVE-2024-46657 is a buffer overflow vulnerability in Artifex Software mupdf's pdfextract tool that allows attackers to cause a Denial of Service (DoS) via a specially crafted PDF file. This affects systems running vulnerable versions of mupdf that process untrusted PDF files. The vulnerability is triggered through the pdfextract component when handling malformed PDF input.

📋 TL;DR

CVE-2024-46657 is a buffer overflow vulnerability in Artifex Software mupdf's pdfextract tool that allows attackers to cause a Denial of Service (DoS) via a specially crafted PDF file. This affects systems running vulnerable versions of mupdf that process untrusted PDF files. The vulnerability is triggered through the pdfextract component when handling malformed PDF input.

💻 Affected Systems

Products:

Artifex Software mupdf

Versions: v1.24.9 and earlier versions containing the vulnerable code

Operating Systems: Linux, Windows, macOS, Unix-like systems

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects the pdfextract tool component; other mupdf components may not be vulnerable. Systems using mupdf libraries directly without pdfextract may not be affected.

📦 What is this software?

Mupdf by Artifex

View all CVEs affecting Mupdf →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete application crash leading to denial of service for PDF processing functionality, potentially disrupting workflows that rely on mupdf for PDF extraction.

🟠

Likely Case

Application segmentation fault causing the pdfextract tool to crash when processing malicious PDF files, resulting in temporary service disruption.

🟢

If Mitigated

Minimal impact with proper input validation and sandboxing; crashes would be contained to the pdfextract process without affecting the broader system.

🌐 Internet-Facing: MEDIUM - Risk exists if mupdf pdfextract is exposed to process user-uploaded PDF files from untrusted sources over the internet.

🏢 Internal Only: LOW - Risk is limited to internal systems where users might process malicious PDF files, but requires local file access or user interaction.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Proof-of-concept available in references; exploitation requires the attacker to provide a crafted PDF file to the pdfextract tool. No authentication required if the tool processes external files.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit b5c898a30f068b5342e8263a2cd5b9f0be291aac and later versions

Vendor Advisory: https://github.com/ArtifexSoftware/mupdf/commit/b5c898a30f068b5342e8263a2cd5b9f0be291aac

Restart Required: No

Instructions:

1. Update mupdf to version containing commit b5c898a30f068b5342e8263a2cd5b9f0be291aac or later. 2. Rebuild from source if using custom builds. 3. Replace the pdfextract binary with the patched version.

🔧 Temporary Workarounds

Disable pdfextract tool

linux

Remove or disable access to the vulnerable pdfextract binary to prevent exploitation

sudo rm /usr/bin/pdfextract
sudo chmod 000 /usr/bin/pdfextract

Implement PDF file validation

all

Add input validation to reject malformed PDF files before processing with pdfextract

🧯 If You Can't Patch

Restrict pdfextract tool usage to trusted users only
Implement sandboxing/containerization to isolate pdfextract process crashes

🔍 How to Verify

Check if Vulnerable:

Check if pdfextract binary exists and test with known malicious PDF sample (use caution). Check mupdf version with 'pdfextract --version' or similar.

Check Version:

pdfextract --version 2>/dev/null || strings $(which pdfextract) | grep -i version

Verify Fix Applied:

Verify the mupdf commit hash includes b5c898a30f068b5342e8263a2cd5b9f0be291aac. Test pdfextract with the malicious PDF to confirm no crash.

📡 Detection & Monitoring

Log Indicators:

Segmentation fault errors in system logs related to pdfextract
Application crash logs showing SIGSEGV for pdfextract process

Network Indicators:

Unusual PDF file uploads to systems using pdfextract
Multiple failed PDF processing attempts

SIEM Query:

process_name:"pdfextract" AND (event_type:"crash" OR signal:"SIGSEGV")

📊 Metadata

CVE ID: CVE-2024-46657

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE: CWE-120

Published: December 10, 2024

Last Updated: July 1, 2025

🔗 References

https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/diff/?id=b5c898a30f068b5342e8263a2cd5b9f0be291aac Patch
https://gist.github.com/isumitpatel/615e6bd2621cb46b5d980ddb9db223e2 Exploit,Patch,Third Party Advisory
https://github.com/ArtifexSoftware/mupdf/commit/b5c898a30f068b5342e8263a2cd5b9f0be291aac Patch

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-46657, you might also want to check these: