CVE-2026-25556— MuPDF <= 1.27.0 Barcode Decoding Double Free
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-25556
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MuPDF <= 1.27.0 Barcode Decoding Double Free
Source: NVD (National Vulnerability Database)
Vulnerability Description
MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the exception. Callers (including the barcode decoding path in fz_decode_barcode_from_display_list) also drop the same pixmap in cleanup, resulting in a double-free that can corrupt the heap and crash the process. This issue affects applications that enable and use MuPDF barcode decoding and can be triggered by processing crafted input that causes a rendering-time error while decoding barcodes.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
双重释放
Source: NVD (National Vulnerability Database)
Vulnerability Title
MuPDF 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
MuPDF是MuPDF开源的一款以 C 语言编写的自由及开放源代码软件库。用以渲染页面为位图,但也提供对其他操作诸如搜索和列举目录和链接的支持。 MuPDF 1.27.0及之前版本存在资源管理错误漏洞,该漏洞源于fz_fill_pixmap_from_display_list函数在显示列表渲染期间发生异常时存在双重释放,可能导致堆损坏和进程崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Artifex Software | MuPDF | 1.23.0 ~ 1.27.0 | - |
II. Public POCs for CVE-2026-25556
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-25556
请登录查看更多情报信息。
- MuPDF <= 1.27.0 Barcode Decoding Double Free | Advisories | VulnCheckthird-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-25556
IV. Related Vulnerabilities
Same weakness: CWE-415
- CVE-2026-23918
Apache HTTP Server: http2: double free and possible RCE on e - CVE-2026-5657
Double Free in Wireshark - CVE-2026-33824
Windows Internet Key Exchange (IKE) Service Extensions Remot - CVE-2026-32074
Windows Projected File System Elevation of Privilege Vulnera - CVE-2026-32069
Windows Projected File System Elevation of Privilege Vulnera
V. Comments for CVE-2026-25556
No comments yet