CVE 2021-37220
MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool draw" input.
See the 
CVE page on Mitre.org
for more details.
