CVE-2025-15569Untrusted Search Path in Mupdf

CWE-426Untrusted Search PathCWE-427Uncontrolled Search Path Element4 documents4 sources
Severity
7.3HIGHNVD
EPSS
0.0%
top 97.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Artifex Mupdf
Timeline
PublishedFeb 10

Description

A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function get_system_dpi of the file platform/x11/win_main.c. This manipulation causes uncontrolled search path. The attack requires local access. The attack is considered to have high complexity. The exploitability is regarded as difficult. Upgrading to version 1.26.2 is sufficient to resolve this issue. Patch name: ebb125334eb007d64e579204af3c264aadf2e244. Upgrading the affected component is recommended.

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages1 packages

CVEListV5artifex/mupdf1.26.0, 1.26.1+1

🔴Vulnerability Details

3
OSV
CVE-2025-15569: A flaw has been found in Artifex MuPDF up to 12026-02-10
CVEList
Artifex MuPDF win_main.c get_system_dpi uncontrolled search path2026-02-10
GHSA
GHSA-8qc5-j3h9-pmjh: A flaw has been found in Artifex MuPDF up to 12026-02-10
CVE-2025-15569 — Untrusted Search Path in Artifex Mupdf | cvebase