Nixpkgs security tracker

Dismissed

Permalink CVE-2025-71382

7.1 HIGH

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): None (N)
User Interaction (UI): Passive (P)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): High (H)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Passive (P)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): High (H)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)
Exploit Maturity (E): Not Defined (X)

updated 2 days ago by @LeSuisse Activity log

Created suggestion 2 days, 10 hours ago
@LeSuisse dismissed 2 days ago

MuPDF < 1.27.0-rc1 Stack Exhaustion DoS via EPUB CSS Rendering

MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by supplying a maliciously crafted EPUB file with deeply nested HTML elements and inline CSS styles. The function value_from_inheritable_property() in css-apply.c recurses through the CSS property inheritance chain without a depth limit, exhausting the process stack and causing a crash in any application using MuPDF for EPUB rendering.

References

https://github.com/ArtifexSoftware/mupdf/releases/tag/1.27.0-rc1 release-notes
https://bugs.ghostscript.com/show_bug.cgi?id=708840 exploittechnical-description
https://github.com/ArtifexSoftware/mupdf/commit/70b71ab22e6de4d4c44cd301c88231f… patch
https://www.vulncheck.com/advisories/mupdf-rc1-stack-exhaustion-dos-via-epub-cs… third-party-advisory

Affected products

mupdf

<1.27.0-rc1

Matching in nixpkgs

pkgs.mupdf

Lightweight PDF, XPS, and E-book viewer and toolkit written in portable C

nixos-unstable 1.27.2
- nixpkgs-unstable 1.27.2
- nixos-unstable-small 1.27.2
nixos-26.05 1.27.2
- nixos-26.05-small 1.27.2
- nixpkgs-26.05-darwin 1.27.2

pkgs.mupdf-headless

Lightweight PDF, XPS, and E-book viewer and toolkit written in portable C

nixos-unstable 1.27.2
- nixpkgs-unstable 1.27.2
- nixos-unstable-small 1.27.2
nixos-26.05 1.27.2
- nixos-26.05-small 1.27.2
- nixpkgs-26.05-darwin 1.27.2

pkgs.python312Packages.pymupdf

None

pkgs.python313Packages.pymupdf

Python bindings for MuPDF's rendering library

nixos-unstable 1.27.2.3
- nixpkgs-unstable 1.27.2.3
- nixos-unstable-small 1.27.2.3
nixos-26.05 1.27.2.3
- nixos-26.05-small 1.27.2.3
- nixpkgs-26.05-darwin 1.27.2.3

pkgs.python314Packages.pymupdf

Python bindings for MuPDF's rendering library

nixos-unstable 1.27.2.3
- nixpkgs-unstable 1.27.2.3
- nixos-unstable-small 1.27.2.3
nixos-26.05 1.27.2.3
- nixos-26.05-small 1.27.2.3
- nixpkgs-26.05-darwin 1.27.2.3

pkgs.python312Packages.pymupdf4llm

None

pkgs.python313Packages.pymupdf4llm

PyMuPDF Utilities for LLM/RAG - converts PDF pages to Markdown format for Retrieval-Augmented Generation

nixos-unstable 0.3.4
- nixpkgs-unstable 0.3.4
- nixos-unstable-small 0.3.4
nixos-26.05 0.3.4
- nixos-26.05-small 0.3.4
- nixpkgs-26.05-darwin 0.3.4

pkgs.python314Packages.pymupdf4llm

PyMuPDF Utilities for LLM/RAG - converts PDF pages to Markdown format for Retrieval-Augmented Generation

nixos-unstable 0.3.4
- nixpkgs-unstable 0.3.4
- nixos-unstable-small 0.3.4
nixos-26.05 0.3.4
- nixos-26.05-small 0.3.4
- nixpkgs-26.05-darwin 0.3.4

pkgs.zathuraPkgs.zathura_pdf_mupdf

Zathura PDF plugin (mupdf)

nixos-unstable 2026.05.10
- nixpkgs-unstable 2026.05.10
- nixos-unstable-small 2026.05.10
nixos-26.05 2026.05.10
- nixos-26.05-small 2026.05.10
- nixpkgs-26.05-darwin 2026.05.10

pkgs.python312Packages.pymupdf-fonts

None

pkgs.python313Packages.pymupdf-fonts

Collection of optional fonts for PyMuPDF

nixos-unstable 1.0.5
- nixpkgs-unstable 1.0.5
- nixos-unstable-small 1.0.5
nixos-26.05 1.0.5
- nixos-26.05-small 1.0.5
- nixpkgs-26.05-darwin 1.0.5

pkgs.python314Packages.pymupdf-fonts

Collection of optional fonts for PyMuPDF

nixos-unstable 1.0.5
- nixpkgs-unstable 1.0.5
- nixos-unstable-small 1.0.5
nixos-26.05 1.0.5
- nixos-26.05-small 1.0.5
- nixpkgs-26.05-darwin 1.0.5

Package maintainers

@fpletz Franz Pletz <fpletz@fnordicwalking.de>
@sarahec Sarah Clark <seclark@nextquestion.net>
@ryota2357 Ryota Otsuki <contact@ryota2357.com>
@MithicSpirit MithicSpirit <rpc01234@gmail.com>

The stable branch was never impacted

Untriaged

Permalink CVE-2026-7233

3.3 LOW

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): None (N)
Availability (A): None (N)
Exploit Code Maturity (E): Proof-of-Concept (P)
Remediation Level (RL): Not Defined (X)
Report Confidence (RC): Reasonable (R)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

created 1 month, 4 weeks ago Activity log

Created suggestion 1 month, 4 weeks ago

Artifex MuPDF CFF Index subset-cff.c fz_subset_cff_for_gids out-of-bounds

A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through a bug report but has not responded yet.