CVE-2025-55780

Name of the Vulnerable Software and Affected Versions MuPDF version 1.26.4

Description A flaw exists in MuPDF where a null pointer dereference can occur within the break word for overflow wrap() function when processing a malformed EPUB document. This happens because the function calls fz html split flow() to split a FLOW WORD node without verifying the validity of node->next before accessing node->next->overflow wrap. If the split operation fails or produces an incomplete node chain, this can lead to a crash.

Recommendations Update to a newer version that contains a fix for this vulnerability.