UBUNTU-CVE-2025-15569
- Source
- https://ubuntu.com/security/CVE-2025-15569
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-15569.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-15569
- Upstream
- Published
- 2026-02-10T11:16:00Z
- Modified
- 2026-02-12T06:45:25.725315Z
- Severity
-
- 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 7.3 (High) CVSS_V4 - CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function getsystemdpi of the file platform/x11/win_main.c. This manipulation causes uncontrolled search path. The attack requires local access. The attack is considered to have high complexity. The exploitability is regarded as difficult. Upgrading to version 1.26.2 is sufficient to resolve this issue. Patch name: ebb125334eb007d64e579204af3c264aadf2e244. Upgrading the affected component is recommended.
- References
-
- https://ubuntu.com/security/CVE-2025-15569
- https://www.cve.org/CVERecord?id=CVE-2025-15569
- https://artifex.com/
- https://casper.mupdf.com/downloads/archive/mupdf-1.26.2-windows.zip
- https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=ebb125334eb007d64e579204af3c264aadf2e244
- https://vuldb.com/?ctiid.344924
- https://vuldb.com/?id.344924
- https://vuldb.com/?submit.750978
Affected packages
Ubuntu:22.04:LTS
mupdf
Package
- Name
- mupdf
- Purl
- pkg:deb/ubuntu/mupdf@1.19.0+ds1-2?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:24.04:LTS
mupdf
Package
- Name
- mupdf
- Purl
- pkg:deb/ubuntu/mupdf@1.23.10+ds1-1build3?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.22.2+ds1-2
1.22.2+ds1-2build1
1.23.6+ds1-1
1.23.7+ds1-1
1.23.10+ds1-1
1.23.10+ds1-1build1
1.23.10+ds1-1build2
1.23.10+ds1-1build3
Ubuntu:25.10
mupdf
Package
- Name
- mupdf
- Purl
- pkg:deb/ubuntu/mupdf@1.25.1+ds1-7?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.25.1+ds1-7",
"binary_name": "libmupdf-dev"
},
{
"binary_version": "1.25.1+ds1-7",
"binary_name": "libmupdf25.1"
},
{
"binary_version": "1.25.1+ds1-7",
"binary_name": "mupdf"
},
{
"binary_version": "1.25.1+ds1-7",
"binary_name": "mupdf-tools"
},
{
"binary_version": "1.25.1+ds1-7",
"binary_name": "python3-mupdf"
}
]
}Ubuntu:Pro:16.04:LTS
mupdf
Package
- Name
- mupdf
- Purl
- pkg:deb/ubuntu/mupdf@1.7a-1ubuntu0.1~esm1?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:18.04:LTS
mupdf
Package
- Name
- mupdf
- Purl
- pkg:deb/ubuntu/mupdf@1.12.0+ds1-1ubuntu0.1~esm2?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.11+ds1-1.1
1.11+ds1-2
1.12.0+ds1-1
1.12.0+ds1-1ubuntu0.1~esm1
1.12.0+ds1-1ubuntu0.1~esm2
Ubuntu:Pro:20.04:LTS
mupdf
Package
- Name
- mupdf
- Purl
- pkg:deb/ubuntu/mupdf@1.16.1+ds1-1ubuntu1+esm2?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.15.0+ds1-1
1.16.1+ds1-1ubuntu1
1.16.1+ds1-1ubuntu1+esm1
1.16.1+ds1-1ubuntu1+esm2