Description

MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the exception. Callers (including the barcode decoding path in fz_decode_barcode_from_display_list) also drop the same pixmap in cleanup, resulting in a double-free that can corrupt the heap and crash the process. This issue affects applications that enable and use MuPDF barcode decoding and can be triggered by processing crafted input that causes a rendering-time error while decoding barcodes.

INFO

Published Date :

2026-02-06T16:11:59.926Z

Last Modified :

2026-03-05T01:30:44.730Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2026-25556 vulnerability.

Vendors Products
Artifex
  • Mupdf
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-25556.

URL Resource
https://bugs.ghostscript.com/show_bug.cgi?id=709029 cve-icon cve-icon cve-icon
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=d4743b6092d513321c23c6f7fe5cff87cde043c1 cve-icon cve-icon cve-icon
https://mupdf.com/ cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-25556 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-25556 cve-icon
https://www.vulncheck.com/advisories/mupdf-barcode-decoding-double-free cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact