Vulnerability Details CVE-2025-55780
A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow() to split a FLOW_WORD node, but does not check if node->next is valid before accessing node->next->overflow_wrap, resulting in a crash if the split fails or returns a partial node chain.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.0%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2025-55780
-
cpe:2.3:a:artifex:mupdf:1.24.0
-
cpe:2.3:a:artifex:mupdf:1.24.1
-
cpe:2.3:a:artifex:mupdf:1.24.10
-
cpe:2.3:a:artifex:mupdf:1.24.11
-
cpe:2.3:a:artifex:mupdf:1.24.2
-
cpe:2.3:a:artifex:mupdf:1.24.3
-
cpe:2.3:a:artifex:mupdf:1.24.4
-
cpe:2.3:a:artifex:mupdf:1.24.5
-
cpe:2.3:a:artifex:mupdf:1.24.6
-
cpe:2.3:a:artifex:mupdf:1.24.7
-
cpe:2.3:a:artifex:mupdf:1.24.8
-
cpe:2.3:a:artifex:mupdf:1.24.9
-
cpe:2.3:a:artifex:mupdf:1.25.0
-
cpe:2.3:a:artifex:mupdf:1.25.1
-
cpe:2.3:a:artifex:mupdf:1.25.2
-
cpe:2.3:a:artifex:mupdf:1.25.3
-
cpe:2.3:a:artifex:mupdf:1.25.4
-
cpe:2.3:a:artifex:mupdf:1.25.5
-
cpe:2.3:a:artifex:mupdf:1.25.6
-
cpe:2.3:a:artifex:mupdf:1.26.0
-
cpe:2.3:a:artifex:mupdf:1.26.1
-
cpe:2.3:a:artifex:mupdf:1.26.2
-
cpe:2.3:a:artifex:mupdf:1.26.3
-
cpe:2.3:a:artifex:mupdf:1.26.4
-
cpe:2.3:a:artifex:mupdf:1.26.5
-
cpe:2.3:a:artifex:mupdf:1.26.6