What is the CVSS score of CVE-2026-25556?

CVE-2026-25556 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.1%.

Which versions of Mupdf are affected by CVE-2026-25556?

MuPDF, a PDF processing library used in document management and rendering applications, contains a critical memory vulnerability that could allow attackers to crash services or potentially execute…. A patch is available.

Is there a public PoC exploit available for CVE-2026-25556?

Yes, a public proof-of-concept exploit is available for CVE-2026-25556. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2026-25556?

Within 24 hours: Identify all systems and applications using affected MuPDF versions (1.23.0-1.27.0) through software inventory and dependency scanning. Within 7 days: Test and deploy the available patch to non-production environments and validate application functionality. Within 30 days: Complete production deployment of patched MuPDF versions across all affected systems, prioritizing those processing external/untrusted documents.

Mupdf CVE-2026-25556

HIGH

Double Free (CWE-415)

2026-02-06 disclosure@vulncheck.com

Denial Of Service Mupdf Red Hat Suse

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SUSE

HIGH

qualitative

Red Hat

5.3 MEDIUM

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 24, 2026 - 21:07 vuln.today

Public exploit code

Patch released

Feb 24, 2026 - 21:07 nvd

Patch available

CVE Published

Feb 06, 2026 - 17:16 nvd

HIGH 7.5

DescriptionCVE.org

MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the exception. Callers (including the barcode decoding path in fz_decode_barcode_from_display_list) also drop the same pixmap in cleanup, resulting in a double-free that can corrupt the heap and crash the process. This issue affects applications that enable and use MuPDF barcode decoding and can be triggered by processing crafted input that causes a rendering-time error while decoding barcodes.

AnalysisAI

MuPDF versions 1.23.0 through 1.27.0 are vulnerable to a double-free memory corruption flaw in the display list rendering function that can be triggered through crafted barcode input during exception handling. Applications using MuPDF's barcode decoding feature can crash or potentially experience heap corruption when processing specially crafted files. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Send crafted PDF with barcode

Delivery

Trigger display list rendering

Exploit

Exception occurs during pixmap processing

Execution

Double-free in error handler

Impact

Heap corruption and process crash

Access

Send crafted PDF with barcode

Delivery

Trigger display list rendering

Exploit

Exception occurs during pixmap processing

Execution

Double-free in error handler

Impact

Heap corruption and process crash

Vulnerability AssessmentAI

Exploitation	MuPDF versions 1.23.0–1.27.0 with barcode decoding enabled; application must process untrusted PDF files containing barcode elements via fz_decode_barcode_from_display_list() or equivalent display list rendering paths. Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 7.5 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker could exploit this flaw, a double-free that can corrupt the heap and crash the proces.
Remediation	A vendor patch is available — apply it immediately. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all systems and applications using affected MuPDF versions (1.23.0-1.27.0) through software inventory and dependency scanning. …

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: High

Product	Status
openSUSE Tumbleweed	Fixed

CVE-2026-25556 vulnerability details – vuln.today

Back

Mupdf CVE-2026-25556

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Vendor StatusVendor

SUSE

Share

External POC / Exploit Code