Home / mailingsPDF  

[USN-7888-1] MuPDF vulnerabilities

Posted on 26 November 2025
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-7888-1
November 25, 2025

mupdf vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in MuPDF.

Software Description:
- mupdf: A lightweight open source software framework for viewing and converting PDF, XPS, and E-book documents

Details:

It was discovered that MuPDF could be made to divide by zero. An attacker
could possibly use this issue to cause a denial of service.
(CVE-2023-51103, CVE-2023-51104, CVE-2023-51105, CVE-2023-51106)

It was discovered that MuPDF incorrectly handled memory under certain
circumstances, which could lead to a NULL pointer dereference. An
attacker could potentially use this issue to cause a denial of service.
(CVE-2024-46657)

It was discovered that MuPDF could enter an infinite recursion when
parsing certain PDF files. An attacker could possibly use this issue to
cause a denial of service. (CVE-2025-46206)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
mupdf 1.25.1+ds1-5ubuntu0.1
mupdf-tools 1.25.1+ds1-5ubuntu0.1

Ubuntu 24.04 LTS
mupdf 1.23.10+ds1-1ubuntu0.1~esm1
Available with Ubuntu Pro
mupdf-tools 1.23.10+ds1-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 22.04 LTS
mupdf 1.19.0+ds1-2ubuntu0.1~esm1
Available with Ubuntu Pro
mupdf-tools 1.19.0+ds1-2ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 20.04 LTS
mupdf 1.16.1+ds1-1ubuntu1+esm2
Available with Ubuntu Pro
mupdf-tools 1.16.1+ds1-1ubuntu1+esm2
Available with Ubuntu Pro

Ubuntu 18.04 LTS
mupdf 1.12.0+ds1-1ubuntu0.1~esm2
Available with Ubuntu Pro
mupdf-tools 1.12.0+ds1-1ubuntu0.1~esm2
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7888-1
CVE-2023-51103, CVE-2023-51104, CVE-2023-51105, CVE-2023-51106,
CVE-2024-46657, CVE-2025-46206

Package Information:
https://launchpad.net/ubuntu/+source/mupdf/1.25.1+ds1-5ubuntu0.1

--===============2601395995233651473==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP

Mailings :

Exploits :