UBUNTU-CVE-2026-25556

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-25556

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-25556.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-25556

Upstream

CVE-2026-25556

Published

2026-02-06T17:16:00Z

Modified

2026-05-20T16:24:47.239725262Z

Severity

5.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fzfillpixmapfromdisplaylist() when an exception occurs during display list rendering. The function accepts a caller-owned fzpixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the exception. Callers (including the barcode decoding path in fzdecodebarcodefromdisplay_list) also drop the same pixmap in cleanup, resulting in a double-free that can corrupt the heap and crash the process. This issue affects applications that enable and use MuPDF barcode decoding and can be triggered by processing crafted input that causes a rendering-time error while decoding barcodes.

References

Affected packages

Ubuntu:25.10

mupdf

Package

Name: mupdf
Purl: pkg:deb/ubuntu/mupdf?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.25.1+ds1-5build2

1.25.1+ds1-6

1.25.1+ds1-7

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1.25.1+ds1-7",
            "binary_name": "libmupdf25.1"
        },
        {
            "binary_version": "1.25.1+ds1-7",
            "binary_name": "mupdf"
        },
        {
            "binary_version": "1.25.1+ds1-7",
            "binary_name": "mupdf-tools"
        },
        {
            "binary_version": "1.25.1+ds1-7",
            "binary_name": "python3-mupdf"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-25556.json"

Ubuntu:26.04:LTS

mupdf

Package

Name: mupdf
Purl: pkg:deb/ubuntu/mupdf?arch=source&distro=resolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.25.1+ds1-7

1.25.1+ds1-7build1

1.25.1+ds1-7build2

1.27.0+ds1-2ubuntu1

1.27.0+ds1-3ubuntu1

1.27.0+ds1-3ubuntu2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1.27.0+ds1-3ubuntu2",
            "binary_name": "libmupdf27.0"
        },
        {
            "binary_version": "1.27.0+ds1-3ubuntu2",
            "binary_name": "mupdf"
        },
        {
            "binary_version": "1.27.0+ds1-3ubuntu2",
            "binary_name": "mupdf-tools"
        },
        {
            "binary_version": "1.27.0+ds1-3ubuntu2",
            "binary_name": "python3-mupdf"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-25556.json"

Ubuntu:Pro:16.04:LTS

mupdf

Package

Name: mupdf
Purl: pkg:deb/ubuntu/mupdf?arch=source&distro=esm-apps%2Fxenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.7-1

1.7a-1

1.7a-1ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1.7a-1ubuntu0.1~esm1",
            "binary_name": "mupdf"
        },
        {
            "binary_version": "1.7a-1ubuntu0.1~esm1",
            "binary_name": "mupdf-tools"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-25556.json"

Ubuntu:Pro:18.04:LTS

mupdf

Package

Name: mupdf
Purl: pkg:deb/ubuntu/mupdf?arch=source&distro=esm-apps%2Fbionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.11+ds1-1.1

1.11+ds1-2

1.12.0+ds1-1

1.12.0+ds1-1ubuntu0.1~esm1

1.12.0+ds1-1ubuntu0.1~esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1.12.0+ds1-1ubuntu0.1~esm2",
            "binary_name": "mupdf"
        },
        {
            "binary_version": "1.12.0+ds1-1ubuntu0.1~esm2",
            "binary_name": "mupdf-tools"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-25556.json"

Ubuntu:Pro:20.04:LTS

mupdf

Package

Name: mupdf
Purl: pkg:deb/ubuntu/mupdf?arch=source&distro=esm-apps%2Ffocal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.15.0+ds1-1

1.16.1+ds1-1ubuntu1

1.16.1+ds1-1ubuntu1+esm1

1.16.1+ds1-1ubuntu1+esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1.16.1+ds1-1ubuntu1+esm2",
            "binary_name": "mupdf"
        },
        {
            "binary_version": "1.16.1+ds1-1ubuntu1+esm2",
            "binary_name": "mupdf-tools"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-25556.json"

Ubuntu:Pro:22.04:LTS

mupdf

Package

Name: mupdf
Purl: pkg:deb/ubuntu/mupdf?arch=source&distro=esm-apps%2Fjammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.17.0+ds1-2

1.19.0+ds1-1

1.19.0+ds1-1build1

1.19.0+ds1-2

1.19.0+ds1-2ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1.19.0+ds1-2ubuntu0.1~esm1",
            "binary_name": "mupdf"
        },
        {
            "binary_version": "1.19.0+ds1-2ubuntu0.1~esm1",
            "binary_name": "mupdf-tools"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-25556.json"

Ubuntu:Pro:24.04:LTS

mupdf

Package

Name: mupdf
Purl: pkg:deb/ubuntu/mupdf?arch=source&distro=esm-apps%2Fnoble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.22.2+ds1-2

1.22.2+ds1-2build1

1.23.6+ds1-1

1.23.7+ds1-1

1.23.10+ds1-1

1.23.10+ds1-1build1

1.23.10+ds1-1build2

1.23.10+ds1-1build3

1.23.10+ds1-1ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1.23.10+ds1-1ubuntu0.1~esm1",
            "binary_name": "mupdf"
        },
        {
            "binary_version": "1.23.10+ds1-1ubuntu0.1~esm1",
            "binary_name": "mupdf-tools"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-25556.json"