MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool draw" input.
Unreleased patch: https://git.ghostscript.com/?p=mupdf.git;h=f5712c9949d026e4b891b25837edd2edc166151f
Asked upstream about versioning given I don't know if 1.18.1 is a proper release or not. Trying to avoid adding just this patch then ending up stabling something else given it likely has security related fixes in it, in short succession.
Package list is empty or all packages have requested keywords.