USN-7888-1: MuPDF vulnerabilities

USN-7888-1: MuPDF vulnerabilities

Publication date: 25 November 2025
Overview: Several security issues were fixed in MuPDF.

Packages
mupdf - A lightweight open source software framework for viewing and converting PDF, XPS, and E-book documents

Details
It was discovered that MuPDF could be made to divide by zero. An attacker
could possibly use this issue to cause a denial of service.
(CVE-2023-51103, CVE-2023-51104, CVE-2023-51105, CVE-2023-51106)

It was discovered that MuPDF incorrectly handled memory under certain
circumstances, which could lead to a NULL pointer dereference. An
attacker could potentially use this issue to cause a denial of service.
(CVE-2024-46657)

It was discovered that MuPDF could enter an infinite recursion when
parsing certain PDF files. An attacker could possibly use this issue to
cause a denial of service. (CVE-2025-46206)

Update instructions
In general, a standard system update will make all the necessary changes.
The problem can be corrected by updating your system to the following package versions:

25.04 plucky

• mupdf – 1.25.1+ds1-5ubuntu0.1
• mupdf-tools – 1.25.1+ds1-5ubuntu0.1

24.04 LTS noble

• mupdf – 1.23.10+ds1-1ubuntu0.1~esm1
• mupdf-tools – 1.23.10+ds1-1ubuntu0.1~esm1

22.04 LTS jammy

• mupdf – 1.19.0+ds1-2ubuntu0.1~esm1
• mupdf-tools – 1.19.0+ds1-2ubuntu0.1~esm1

20.04 LTS focal

• mupdf – 1.16.1+ds1-1ubuntu1+esm2
• mupdf-tools – 1.16.1+ds1-1ubuntu1+esm2

18.04 LTS bionic

• mupdf – 1.12.0+ds1-1ubuntu0.1~esm2
• mupdf-tools – 1.12.0+ds1-1ubuntu0.1~esm2