[Git][security-tracker-team/security-tracker][master] Add CVE-2026-25556/mupdf
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Feb 6 20:54:29 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3d253dec by Salvatore Bonaccorso at 2026-02-06T21:54:17+01:00
Add CVE-2026-25556/mupdf
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -73,7 +73,13 @@ CVE-2026-25587 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, a
CVE-2026-25586 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, a sandb ...)
NOT-FOR-US: SandboxJS Node module
CVE-2026-25556 (MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerabili ...)
- TODO: check
+ - mupdf <unfixed>
+ [trixie] - mupdf <no-dsa> (Minor issue)
+ [bookworm] - mupdf <not-affected> (Vulnerable code introduced later)
+ [bullseye] - mupdf <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=709029
+ NOTE: Introduced with: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=c810149dfd28799cf7f6b40043645cade9bf02b8 (1.23.0-rc1)
+ NOTE: Fixed by: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=d4743b6092d513321c23c6f7fe5cff87cde043c1
CVE-2026-25520 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, The ret ...)
NOT-FOR-US: SandboxJS Node module
CVE-2026-24931 (Vulnerability of improper criterion security check in the card module. ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d253dec92cd2799880867c02568a4a2035c2d30
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d253dec92cd2799880867c02568a4a2035c2d30
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260206/a943dd4d/attachment.htm>
More information about the debian-security-tracker-commits
mailing list