CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Artifex: >> Mupdf >> 1.24.0 Security Vulnerabilities

CVE-2025-55780

A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow() to split a FLOW_WORD node, but does not check if node->next is valid before accessing node->next->overflow_wrap, resulting in a crash if the split fails or returns a partial node chain.

CVSS Score

7.5

EPSS Score

0.001

Published

2025-09-23

CVE-2025-46206

An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. When processing a crafted PDF file containing cyclic /Next references in the outline structure, the `strip_outline()` function enters infinite recursion

CVSS Score

6.5

EPSS Score

0.003

Published

2025-08-04

Page 1

Vulnerabilities

Vulnerable Software

Artifex: >> Mupdf >> 1.24.0 Security Vulnerabilities

Products

Pricing

Contact Us