Ubuntu 25.04: MuPDF Critical Denial of Service Vulnerabilities USN-7888
Article Content
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in MuPDF. Software Description: - mupdf: A lightweight open source software framework for viewing and converting PDF, XPS, and E-book documents Details: It was discovered that MuPDF could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-51103, CVE-2023-51104, CVE-2023-51105, CVE-2023-51106) It was discovered that MuPDF incorrectly handled memory under certain circumstances, which could lead to a NULL pointer dereference. An attacker could potentially use this issue to cause a denial of service. (CVE-2024-46657) It was discovered that MuPDF could enter an infinite recursion when parsing certain PDF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-46206)
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in MuPDF. Software Description: - mupdf: A lightweight open source software framework for viewing and converting PDF, XPS, and E-book documents Details: It was discovered that MuPDF could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-51103, CVE-2023-51104, CVE-2023-51105, CVE-2023-51106) It was discovered that MuPDF incorrectly handled memory under certain circumstances, which could lead to a NULL pointer dereference. An attacker could potentially use this issue to cause a denial of service. (CVE-2024-46657) It was discovered that MuPDF could enter an infinite recursion when parsing certain PDF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-46206)
The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 mupdf 1.25.1+ds1-5ubuntu0.1 mupdf-tools 1.25.1+ds1-5ubuntu0.1 Ubuntu 24.04 LTS mupdf 1.23.10+ds1-1ubuntu0.1~esm1 Available with Ubuntu Pro mupdf-tools 1.23.10+ds1-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS mupdf 1.19.0+ds1-2ubuntu0.1~esm1 Available with Ubuntu Pro mupdf-tools 1.19.0+ds1-2ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS mupdf 1.16.1+ds1-1ubuntu1+esm2 Available with Ubuntu Pro mupdf-tools 1.16.1+ds1-1ubuntu1+esm2 Available with Ubuntu Pro Ubuntu 18.04 LTS mupdf 1.12.0+ds1-1ubuntu0.1~esm2 Available with Ubuntu Pro mupdf-tools 1.12.0+ds1-1ubuntu0.1~esm2 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 mupdf 1.25.1+ds1-5ubuntu0.1 mupdf-tools 1.25.1+ds1-5ubuntu0.1 Ubuntu 24.04 LTS mupdf 1.23.10+ds1-1ubuntu0.1~esm1 Available with Ubuntu Pro mupdf-tools 1.23.10+ds1-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS mupdf 1.19.0+ds1-2ubuntu0.1~esm1 Available with Ubuntu Pro mupdf-tools 1.19.0+ds1-2ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS mupdf 1.16.1+ds1-1ubuntu1+esm2 Available with Ubuntu Pro mupdf-tools 1.16.1+ds1-1ubuntu1+esm2 Available with Ubuntu Pro Ubuntu 18.04 LTS mupdf 1.12.0+ds1-1ubuntu0.1~esm2 Available with Ubuntu Pro mupdf-tools 1.12.0+ds1-1ubuntu0.1~esm2 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
CVE-2023-51103, CVE-2023-51104, CVE-2023-51105, CVE-2023-51106, CVE-2024-46657, CVE-2025-46206
CVE-2023-51103, CVE-2023-51104, CVE-2023-51105, CVE-2023-51106,
CVE-2024-46657, CVE-2025-46206
Extracted Entities
No entities detected