MuPDF is vulnerable to integer overflows. An attacker can pass a malicious pdf file to the pdf_read_new_xref_section()
function in pdf/pdf-xref.c
, causing an integer overflow in the application that can lead to arbitrary writes and the application crashing.