Bug 2437835 (CVE-2026-25556)
| Summary: | CVE-2026-25556 MuPDF: MuPDF: Denial of Service via crafted input during barcode decoding | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | mjg |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: | A flaw was found in MuPDF. An attacker can exploit a double-free vulnerability in the `fz_fill_pixmap_from_display_list()` function by processing crafted input that causes a rendering-time error during barcode decoding. This can lead to heap corruption and a process crash, resulting in a Denial of Service (DoS). | Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2437972, 2437973, 2437974, 2437975 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-02-09 11:08:52 UTC
Again, this report is partially wrong (versions below .1.26.0 do not even have barcode support) and misses the most relevant information (upstream bug and fix). Can we have these automatic buggers to be more helpful please?

https://bugs.ghostscript.com/show_bug.cgi?id=709029
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=d4743b6092d513321c23c6f7fe5cff87cde043c1