CNNVD-202509-3671 Information
CNNVD ID
CNNVD-202509-3671
Related CVE
- CNNVD Published: 2025-09-23
Description (Chinese)
MuPDF是MuPDF开源的一款以 C 语言编写的自由及开放源代码软件库。用以渲染页面为位图,但也提供对其他操作诸如搜索和列举目录和链接的支持。 MuPDF 1.26.4版本存在安全漏洞,该漏洞源于break_word_for_overflow_wrap函数未检查node->next有效性,可能导致空指针取消引用。
Description (English)
MuPDF is a free and open source software library in the C language of MuPDF. The page is a bitmap, but it also provides support for other operations such as searching and listing directories and links. Version 1.26.4 of the MuPDF has a security loophole, which stems from the failure of the break word for overflow wrap function to check the node->text validity, which may lead to an empty pointer cancellation of the reference.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Mutiny
Published
2025-09-23
Last Modified
2026-02-24
References
https://bugs.ghostscript.com/show_bug.cgi?id=708720 https://vigilance.fr/vulnerability/MuPDF-NULL-pointer-dereference-via-break-word-for-overflow-wrap-48393
Patch
https://mupdf.com/releases?product=MuPDF
Share on: