MuPDF Null Pointer Dereference Vulnerability in EPUB Rendering

Vulnerability

A null pointer dereference vulnerability has been identified in MuPDF version 1.26.4. This issue occurs in the function 'break_word_for_overflow_wrap()' while rendering a malformed EPUB document. The vulnerability arises because the function attempts to split a FLOW_WORD node without verifying the validity of 'node->next', leading to a crash if the split operation fails or returns an incomplete node chain.
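The unchecked-successor pattern described above, shown beside a checked form in a simplified C model. This is an added example and not MuPDF source code; the struct layout, split_word() and both break_word_* functions are hypothetical names chosen for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model, not MuPDF source: every name below is hypothetical. */
enum { FLOW_WORD = 1 };
typedef struct flow_node { int type; char *text; struct flow_node *next; } flow_node;

/* Split node->text at byte offset `at`, linking the tail in as a new node.
 * Returns 0 on success, -1 on failure (node->next is then left unchanged). */
static int split_word(flow_node *node, size_t at)
{
    size_t len = strlen(node->text);
    if (at == 0 || at >= len)
        return -1;                          /* nothing to split off */
    flow_node *tail = calloc(1, sizeof *tail);
    char *copy = malloc(len - at + 1);
    if (!tail || !copy) { free(tail); free(copy); return -1; }
    memcpy(copy, node->text + at, len - at + 1);
    tail->type = FLOW_WORD;
    tail->text = copy;
    tail->next = node->next;
    node->text[at] = '\0';
    node->next = tail;
    return 0;
}

/* Unchecked pattern: the caller assumes the split always produced a
 * successor and dereferences node->next unconditionally. */
flow_node *break_word_unchecked(flow_node *node, size_t at)
{
    split_word(node, at);
    node->next->type = FLOW_WORD;           /* NULL dereference if split failed */
    return node->next;
}

/* Checked pattern: validate the input node, the split result and the link
 * before touching the successor; the caller must handle a NULL return. */
flow_node *break_word_checked(flow_node *node, size_t at)
{
    if (!node || node->type != FLOW_WORD || !node->text)
        return NULL;
    if (split_word(node, at) != 0 || node->next == NULL)
        return NULL;
    return node->next;
}
```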

Impact

Exploitation of this vulnerability causes a denial-of-service condition, where the application crashes shortly after opening a crafted EPUB file.

Reproduction

The vulnerability can be reproduced by opening the attached EPUB file with either 'mupdf.exe' or 'mupdf-gl.exe'.

Remediation

This vulnerability has been fixed in the MuPDF GitHub repository. Users can update to the latest version to address this issue.

Added: Sep 23, 2025, 6:23 PM
Updated: Sep 23, 2025, 6:23 PM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 2.5
exploitability: 6.0
remediation: 7.7
relevance: 0.6
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.