NIXPKGS-2026-0916

GitHub issue published on

Permalink CVE-2026-3308

updated 2 weeks, 2 days ago by @LeSuisse Activity log

Created automatic suggestion 2 weeks, 2 days ago
@LeSuisse ignored
11 packages
- python312Packages.pymupdf
- python313Packages.pymupdf
- python314Packages.pymupdf
- python312Packages.pymupdf4llm
- mupdf-headless
- python313Packages.pymupdf4llm
- python314Packages.pymupdf4llm
- zathuraPkgs.zathura_pdf_mupdf
- python312Packages.pymupdf-fonts
- python313Packages.pymupdf-fonts
- python314Packages.pymupdf-fonts
2 weeks, 2 days ago
@LeSuisse restored package mupdf-headless 2 weeks, 2 days ago
@LeSuisse accepted 2 weeks, 2 days ago
@LeSuisse published on GitHub 2 weeks, 2 days ago

CVE-2026-3308

An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdf_load_image_imp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code execution.

References

Affected products

MuPDF

=<1.27.0

Matching in nixpkgs

pkgs.mupdf

Lightweight PDF, XPS, and E-book viewer and toolkit written in portable C

nixos-unstable 1.27.0
- nixpkgs-unstable 1.27.0
- nixos-unstable-small 1.27.0
nixos-25.11 1.26.10
- nixos-25.11-small 1.26.10
- nixpkgs-25.11-darwin 1.26.10

pkgs.mupdf-headless

Lightweight PDF, XPS, and E-book viewer and toolkit written in portable C

nixos-unstable 1.27.0
- nixpkgs-unstable 1.27.0
- nixos-unstable-small 1.27.0
nixos-25.11 1.26.10
- nixos-25.11-small 1.26.10
- nixpkgs-25.11-darwin 1.26.10

Ignored packages (10)

pkgs.python312Packages.pymupdf

Python bindings for MuPDF's rendering library

nixos-25.11 1.26.6
- nixos-25.11-small 1.26.6
- nixpkgs-25.11-darwin 1.26.6

pkgs.python313Packages.pymupdf

Python bindings for MuPDF's rendering library

nixos-unstable 1.27.1
- nixpkgs-unstable 1.27.1
- nixos-unstable-small 1.27.1
nixos-25.11 1.26.6
- nixos-25.11-small 1.26.6
- nixpkgs-25.11-darwin 1.26.6

pkgs.python314Packages.pymupdf

Python bindings for MuPDF's rendering library

nixos-unstable 1.27.1
- nixpkgs-unstable 1.27.1
- nixos-unstable-small 1.27.1

pkgs.python312Packages.pymupdf4llm

PyMuPDF Utilities for LLM/RAG - converts PDF pages to Markdown format for Retrieval-Augmented Generation

nixos-25.11 pymupdf4llm-0.0.27
- nixos-25.11-small pymupdf4llm-0.0.27
- nixpkgs-25.11-darwin pymupdf4llm-0.0.27

pkgs.python313Packages.pymupdf4llm

PyMuPDF Utilities for LLM/RAG - converts PDF pages to Markdown format for Retrieval-Augmented Generation

nixos-unstable pymupdf4llm-0.3.4
- nixpkgs-unstable pymupdf4llm-0.3.4
- nixos-unstable-small pymupdf4llm-0.3.4
nixos-25.11 pymupdf4llm-0.0.27
- nixos-25.11-small pymupdf4llm-0.0.27
- nixpkgs-25.11-darwin pymupdf4llm-0.0.27

pkgs.python314Packages.pymupdf4llm

PyMuPDF Utilities for LLM/RAG - converts PDF pages to Markdown format for Retrieval-Augmented Generation

nixos-unstable pymupdf4llm-0.3.4
- nixpkgs-unstable pymupdf4llm-0.3.4
- nixos-unstable-small pymupdf4llm-0.3.4

pkgs.zathuraPkgs.zathura_pdf_mupdf

Zathura PDF plugin (mupdf)

nixos-unstable 2026.02.03
- nixpkgs-unstable 2026.02.03
- nixos-unstable-small 2026.02.03
nixos-25.11 0.4.4
- nixos-25.11-small 0.4.4
- nixpkgs-25.11-darwin 0.4.4

pkgs.python312Packages.pymupdf-fonts

Collection of optional fonts for PyMuPDF

nixos-25.11 1.0.5
- nixos-25.11-small 1.0.5
- nixpkgs-25.11-darwin 1.0.5

pkgs.python313Packages.pymupdf-fonts

Collection of optional fonts for PyMuPDF

nixos-unstable 1.0.5
- nixpkgs-unstable 1.0.5
- nixos-unstable-small 1.0.5
nixos-25.11 1.0.5
- nixos-25.11-small 1.0.5
- nixpkgs-25.11-darwin 1.0.5

pkgs.python314Packages.pymupdf-fonts

Collection of optional fonts for PyMuPDF

nixos-unstable 1.0.5
- nixpkgs-unstable 1.0.5
- nixos-unstable-small 1.0.5

Package maintainers

@fpletz Franz Pletz <fpletz@fnordicwalking.de>

Patch: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=a26f0142e7d390d4a82c6e5ae0e312e07cc4ec85

Nixpkgs security tracker

Details of issue NIXPKGS-2026-0916

References

Affected products

Matching in nixpkgs

pkgs.mupdf

pkgs.mupdf-headless

pkgs.python312Packages.pymupdf

pkgs.python313Packages.pymupdf

pkgs.python314Packages.pymupdf

pkgs.python312Packages.pymupdf4llm

pkgs.python313Packages.pymupdf4llm

pkgs.python314Packages.pymupdf4llm

pkgs.zathuraPkgs.zathura_pdf_mupdf

pkgs.python312Packages.pymupdf-fonts

pkgs.python313Packages.pymupdf-fonts

pkgs.python314Packages.pymupdf-fonts

Package maintainers