Mupdf

3 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-25556 HIGH POC PATCH This Week

MuPDF versions 1.23.0 through 1.27.0 are vulnerable to a double-free memory corruption flaw in the display list rendering function that can be triggered through crafted barcode input during exception handling. Applications using MuPDF's barcode decoding feature can crash or potentially experience heap corruption when processing specially crafted files. Public exploit code exists for this vulnerability, and a patch is available.

Denial Of Service Mupdf Redhat Suse
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55780 HIGH PATCH This Week

A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Mupdf Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-46206 MEDIUM POC This Week

An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mupdf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-25556
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

MuPDF versions 1.23.0 through 1.27.0 are vulnerable to a double-free memory corruption flaw in the display list rendering function that can be triggered through crafted barcode input during exception handling. Applications using MuPDF's barcode decoding feature can crash or potentially experience heap corruption when processing specially crafted files. Public exploit code exists for this vulnerability, and a patch is available.

Denial Of Service Mupdf Redhat +1
NVD
CVE-2025-55780
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Mupdf +1
NVD GitHub
CVE-2025-46206
EPSS 0% CVSS 6.5
MEDIUM POC This Week

An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mupdf
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy