CNNVD-202602-994 Information
CNNVD ID
CNNVD-202602-994
Related CVE
- CNNVD Published: 2026-02-06
Description (Chinese)
MuPDF是MuPDF开源的一款以 C 语言编写的自由及开放源代码软件库。用以渲染页面为位图,但也提供对其他操作诸如搜索和列举目录和链接的支持。 MuPDF 1.27.0及之前版本存在资源管理错误漏洞,该漏洞源于fz_fill_pixmap_from_display_list函数在显示列表渲染期间发生异常时存在双重释放,可能导致堆损坏和进程崩溃。
Description (English)
MuPDF is a free and open source software library in the C language of MuPDF. The page is a bitmap, but it also provides support for other operations such as searching and listing directories and links. MUPDF 1.2.7.0 and previous versions contain a resource management error loophole which stems from the dual release of the fz fill pixmap from display list function during the display of an anomaly during the list rendering, which may result in pile damage and process collapse.
Hazard Level
High
Vulnerability Type
资源管理错误
Affected Vendor
MuPDF
Published
2026-02-06
Last Modified
2026-02-24
References
https://bugs.ghostscript.com/show_bug.cgi?id=709029 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=d4743b6092d513321c23c6f7fe5cff87cde043c1 https://mupdf.com/ https://www.vulncheck.com/advisories/mupdf-barcode-decoding-double-free
Patch
https://mupdf.com/releases?product=MuPDF
Share on: