Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-55780

A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow() to split a FLOW_WORD node, but does not check if node->next is valid before accessing node->next->overflow_wrap, resulting in a crash if the split fails or returns a partial node chain.

Published

2025-09-23T18:15:34.743

Last Modified

2025-10-08T18:04:01.977

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-476

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	artifex	mupdf	< 1.26.7	Yes

References

https://bugs.ghostscript.com/show_bug.cgi?id=708720 Issue Tracking, Third Party Advisory ([email protected])
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=bdd5d241748807378a78a622388e0312332513c5 Permissions Required ([email protected])
https://github.com/ISH2YU/CVE-2025-55780/tree/main Third Party Advisory ([email protected])