CVE-2026-25556MEDIUMCVSS 5.9≥ 1.23.0, ≤ 1.27.02026-02-06
CVE-2026-25556 [MEDIUM] CWE-415 CVE-2026-25556: MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_disp
MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the exception. Callers (including the barcode decodi
cvelistv5nvd