CVE-2026-25556

Name of the Vulnerable Software and Affected Versions MuPDF versions 1.23.0 through 1.27.0

Description MuPDF versions 1.23.0 through 1.27.0 have a double-free issue in the fz fill pixmap from display list() function during display list rendering. This occurs when an exception happens, causing the function to incorrectly release a pixmap pointer in its error handling before re-throwing the exception. Subsequent cleanup by callers, including the barcode decoding path in fz decode barcode from display list(), also releases the same pixmap, leading to a double-free. This can corrupt the heap and cause the process to crash. The issue impacts applications using MuPDF barcode decoding and can be triggered by specially crafted input that causes a rendering error during barcode decoding.

Recommendations Update MuPDF to a version later than 1.27.0.