MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool draw" input.
Unreleased patch: https://git.ghostscript.com/?p=mupdf.git;h=f5712c9949d026e4b891b25837edd2edc166151f
Asked upstream about versioning given I don't know if 1.18.1 is a proper release or not. Trying to avoid adding just this patch then ending up stabling something else given it likely has security related fixes in it, in short succession.
Package list is empty or all packages have requested keywords.
Version 1.19.0 is in tree and stable keyworded. There is also 1.18.0-r4 for which I was not able to quickly determine if it contains the fix for this particular CVE or not.
A floating point exception (division-by-zero) flaw was found in MuPDF for zero width pages in muraster.c. It is fixed in MuPDF-1.20.0-rc1 upstream.
Patch, in 1.20.0: https://github.com/ArtifexSoftware/mupdf/commit/22c47acbd52949421f8c7cb46ea1556827d0fcbf
(In reply to Sam James from comment #1)
> Asked upstream about versioning given I don't know if 1.18.1 is a proper
> release or not. Trying to avoid adding just this patch then ending up
> stabling something else given it likely has security related fixes in it, in
> short succession.
In any case it's definitely in 1.19.0.