USN-7888-1

Details

It was discovered that MuPDF could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-51103, CVE-2023-51104, CVE-2023-51105, CVE-2023-51106)

It was discovered that MuPDF incorrectly handled memory under certain circumstances, which could lead to a NULL pointer dereference. An attacker could potentially use this issue to cause a denial of service. (CVE-2024-46657)

It was discovered that MuPDF could enter an infinite recursion when parsing certain PDF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-46206)

Affected Packages

Ubuntu:25.04mupdf

Fixed in:

1.25.1+ds1-5ubuntu0.1

Ubuntu:Pro:18.04:LTSmupdf

Fixed in:

1.12.0+ds1-1ubuntu0.1~esm2

Ubuntu:Pro:20.04:LTSmupdf

Fixed in:

1.16.1+ds1-1ubuntu1+esm2

Ubuntu:Pro:22.04:LTSmupdf

Fixed in:

1.19.0+ds1-2ubuntu0.1~esm1

Ubuntu:Pro:24.04:LTSmupdf

Fixed in:

1.23.10+ds1-1ubuntu0.1~esm1

References

REPORThttps://ubuntu.com/security/CVE-2023-51103 REPORThttps://ubuntu.com/security/CVE-2023-51104 REPORThttps://ubuntu.com/security/CVE-2023-51105 REPORThttps://ubuntu.com/security/CVE-2023-51106 REPORThttps://ubuntu.com/security/CVE-2024-46657 REPORThttps://ubuntu.com/security/CVE-2025-46206 ADVISORYhttps://ubuntu.com/security/notices/USN-7888-1

USN-7888-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline