Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiffexpandcolormap() function when parsing TIFF files allowing attackers to cause a denial of service.
{ "urgency": "not yet assigned" }