Vulnerability-Lookup

OPENSUSE-SU-2026:10214-1

Vulnerability from csaf_opensuse - Published: 2026-02-17 00:00 - Updated: 2026-02-17 00:00

Summary

mupdf-1.27.1-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: mupdf-1.27.1-1.1 on GA media

Description of the patch: These are all security issues fixed in the mupdf-1.27.1-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2026-10214

CVE-2025-55780

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-25556

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

URL

Category

	https://www.suse.com/support/security/rating/	external
	https://ftp.suse.com/pub/projects/security/csaf/o…	self
	https://www.suse.com/security/cve/CVE-2025-55780/	self
	https://www.suse.com/security/cve/CVE-2026-25556/	self
	https://www.suse.com/security/cve/CVE-2025-55780	external
	https://bugzilla.suse.com/1250443	external
	https://www.suse.com/security/cve/CVE-2026-25556	external
	https://bugzilla.suse.com/1257944	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "mupdf-1.27.1-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the mupdf-1.27.1-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2026-10214",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10214-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-55780 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-55780/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-25556 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-25556/"
      }
    ],
    "title": "mupdf-1.27.1-1.1 on GA media",
    "tracking": {
      "current_release_date": "2026-02-17T00:00:00Z",
      "generator": {
        "date": "2026-02-17T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2026:10214-1",
      "initial_release_date": "2026-02-17T00:00:00Z",
      "revision_history": [
        {
          "date": "2026-02-17T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mupdf-1.27.1-1.1.aarch64",
                "product": {
                  "name": "mupdf-1.27.1-1.1.aarch64",
                  "product_id": "mupdf-1.27.1-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "mupdf-devel-static-1.27.1-1.1.aarch64",
                "product": {
                  "name": "mupdf-devel-static-1.27.1-1.1.aarch64",
                  "product_id": "mupdf-devel-static-1.27.1-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mupdf-1.27.1-1.1.ppc64le",
                "product": {
                  "name": "mupdf-1.27.1-1.1.ppc64le",
                  "product_id": "mupdf-1.27.1-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "mupdf-devel-static-1.27.1-1.1.ppc64le",
                "product": {
                  "name": "mupdf-devel-static-1.27.1-1.1.ppc64le",
                  "product_id": "mupdf-devel-static-1.27.1-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mupdf-1.27.1-1.1.s390x",
                "product": {
                  "name": "mupdf-1.27.1-1.1.s390x",
                  "product_id": "mupdf-1.27.1-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "mupdf-devel-static-1.27.1-1.1.s390x",
                "product": {
                  "name": "mupdf-devel-static-1.27.1-1.1.s390x",
                  "product_id": "mupdf-devel-static-1.27.1-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mupdf-1.27.1-1.1.x86_64",
                "product": {
                  "name": "mupdf-1.27.1-1.1.x86_64",
                  "product_id": "mupdf-1.27.1-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "mupdf-devel-static-1.27.1-1.1.x86_64",
                "product": {
                  "name": "mupdf-devel-static-1.27.1-1.1.x86_64",
                  "product_id": "mupdf-devel-static-1.27.1-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mupdf-1.27.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mupdf-1.27.1-1.1.aarch64"
        },
        "product_reference": "mupdf-1.27.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mupdf-1.27.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mupdf-1.27.1-1.1.ppc64le"
        },
        "product_reference": "mupdf-1.27.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mupdf-1.27.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mupdf-1.27.1-1.1.s390x"
        },
        "product_reference": "mupdf-1.27.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mupdf-1.27.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mupdf-1.27.1-1.1.x86_64"
        },
        "product_reference": "mupdf-1.27.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mupdf-devel-static-1.27.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mupdf-devel-static-1.27.1-1.1.aarch64"
        },
        "product_reference": "mupdf-devel-static-1.27.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mupdf-devel-static-1.27.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mupdf-devel-static-1.27.1-1.1.ppc64le"
        },
        "product_reference": "mupdf-devel-static-1.27.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mupdf-devel-static-1.27.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mupdf-devel-static-1.27.1-1.1.s390x"
        },
        "product_reference": "mupdf-devel-static-1.27.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mupdf-devel-static-1.27.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mupdf-devel-static-1.27.1-1.1.x86_64"
        },
        "product_reference": "mupdf-devel-static-1.27.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-55780",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-55780"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow() to split a FLOW_WORD node, but does not check if node-\u003enext is valid before accessing node-\u003enext-\u003eoverflow_wrap, resulting in a crash if the split fails or returns a partial node chain.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:mupdf-1.27.1-1.1.aarch64",
          "openSUSE Tumbleweed:mupdf-1.27.1-1.1.ppc64le",
          "openSUSE Tumbleweed:mupdf-1.27.1-1.1.s390x",
          "openSUSE Tumbleweed:mupdf-1.27.1-1.1.x86_64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.27.1-1.1.aarch64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.27.1-1.1.ppc64le",
          "openSUSE Tumbleweed:mupdf-devel-static-1.27.1-1.1.s390x",
          "openSUSE Tumbleweed:mupdf-devel-static-1.27.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-55780",
          "url": "https://www.suse.com/security/cve/CVE-2025-55780"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1250443 for CVE-2025-55780",
          "url": "https://bugzilla.suse.com/1250443"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:mupdf-1.27.1-1.1.aarch64",
            "openSUSE Tumbleweed:mupdf-1.27.1-1.1.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.27.1-1.1.s390x",
            "openSUSE Tumbleweed:mupdf-1.27.1-1.1.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.27.1-1.1.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.27.1-1.1.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.27.1-1.1.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.27.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-02-17T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-55780"
    },
    {
      "cve": "CVE-2026-25556",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-25556"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the exception. Callers (including the barcode decoding path in fz_decode_barcode_from_display_list) also drop the same pixmap in cleanup, resulting in a double-free that can corrupt the heap and crash the process. This issue affects applications that enable and use MuPDF barcode decoding and can be triggered by processing crafted input that causes a rendering-time error while decoding barcodes.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:mupdf-1.27.1-1.1.aarch64",
          "openSUSE Tumbleweed:mupdf-1.27.1-1.1.ppc64le",
          "openSUSE Tumbleweed:mupdf-1.27.1-1.1.s390x",
          "openSUSE Tumbleweed:mupdf-1.27.1-1.1.x86_64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.27.1-1.1.aarch64",
          "openSUSE Tumbleweed:mupdf-devel-static-1.27.1-1.1.ppc64le",
          "openSUSE Tumbleweed:mupdf-devel-static-1.27.1-1.1.s390x",
          "openSUSE Tumbleweed:mupdf-devel-static-1.27.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-25556",
          "url": "https://www.suse.com/security/cve/CVE-2026-25556"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1257944 for CVE-2026-25556",
          "url": "https://bugzilla.suse.com/1257944"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:mupdf-1.27.1-1.1.aarch64",
            "openSUSE Tumbleweed:mupdf-1.27.1-1.1.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.27.1-1.1.s390x",
            "openSUSE Tumbleweed:mupdf-1.27.1-1.1.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.27.1-1.1.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.27.1-1.1.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.27.1-1.1.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.27.1-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:mupdf-1.27.1-1.1.aarch64",
            "openSUSE Tumbleweed:mupdf-1.27.1-1.1.ppc64le",
            "openSUSE Tumbleweed:mupdf-1.27.1-1.1.s390x",
            "openSUSE Tumbleweed:mupdf-1.27.1-1.1.x86_64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.27.1-1.1.aarch64",
            "openSUSE Tumbleweed:mupdf-devel-static-1.27.1-1.1.ppc64le",
            "openSUSE Tumbleweed:mupdf-devel-static-1.27.1-1.1.s390x",
            "openSUSE Tumbleweed:mupdf-devel-static-1.27.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-02-17T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-25556"
    }
  ]
}

CVE-2025-55780 (GCVE-0-2025-55780)

Vulnerability from cvelistv5 – Published: 2025-09-23 00:00 – Updated: 2025-09-25 14:47

Summary

A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow() to split a FLOW_WORD node, but does not check if node->next is valid before accessing node->next->overflow_wrap, resulting in a crash if the split fails or returns a partial node chain.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Assigner

mitre

References

URL

CVE-2026-25556 (GCVE-0-2026-25556)

Vulnerability from cvelistv5 – Published: 2026-02-06 16:11 – Updated: 2026-03-05 01:30

Title

MuPDF <= 1.27.0 Barcode Decoding Double Free

Summary

MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the exception. Callers (including the barcode decoding path in fz_decode_barcode_from_display_list) also drop the same pixmap in cleanup, resulting in a double-free that can corrupt the heap and crash the process. This issue affects applications that enable and use MuPDF barcode decoding and can be triggered by processing crafted input that causes a rendering-time error while decoding barcodes.

Severity ?

5.9 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CWE

CWE-415 - Double Free

Assigner

VulnCheck

References

URL

Tags

	https://bugs.ghostscript.com/show_bug.cgi?id=709029	issue-tracking
	https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mup…	patch
	https://mupdf.com/	product
	https://www.vulncheck.com/advisories/mupdf-barcod…	third-party-advisory

Impacted products

	Vendor	Product	Version
	Artifex Software	MuPDF	Affected: 1.23.0 , ≤ 1.27.0 (semver)

Credits

Pavel Kohout, Aisle Research (www.aisle.com)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25556",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-06T16:34:46.909949Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-06T16:35:11.989Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MuPDF",
          "repo": "https://github.com/ArtifexSoftware/mupdf",
          "vendor": "Artifex Software",
          "versions": [
            {
              "lessThanOrEqual": "1.27.0",
              "status": "affected",
              "version": "1.23.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "1.27.0",
                  "versionStartIncluding": "1.23.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Pavel Kohout, Aisle Research (www.aisle.com)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the exception. Callers (including the barcode decoding path in fz_decode_barcode_from_display_list) also drop the same pixmap in cleanup, resulting in a double-free that can corrupt the heap and crash the process. This issue affects applications that enable and use MuPDF barcode decoding and can be triggered by processing crafted input that causes a rendering-time error while decoding barcodes."
            }
          ],
          "value": "MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the exception. Callers (including the barcode decoding path in fz_decode_barcode_from_display_list) also drop the same pixmap in cleanup, resulting in a double-free that can corrupt the heap and crash the process. This issue affects applications that enable and use MuPDF barcode decoding and can be triggered by processing crafted input that causes a rendering-time error while decoding barcodes."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-415",
              "description": "CWE-415 Double Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-05T01:30:44.730Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://bugs.ghostscript.com/show_bug.cgi?id=709029"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=d4743b6092d513321c23c6f7fe5cff87cde043c1"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://mupdf.com/"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/mupdf-barcode-decoding-double-free"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "MuPDF \u003c= 1.27.0 Barcode Decoding Double Free",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-25556",
    "datePublished": "2026-02-06T16:11:59.926Z",
    "dateReserved": "2026-02-02T20:12:33.395Z",
    "dateUpdated": "2026-03-05T01:30:44.730Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

OPENSUSE-SU-2026:10214-1

CVE-2025-55780 (GCVE-0-2025-55780)

CVE-2026-25556 (GCVE-0-2026-25556)

Tags

Sightings

Nomenclature