Unrated severityNVD Advisory· Published Sep 23, 2025· Updated Sep 25, 2025
CVE-2025-55780
CVE-2025-55780
Description
A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow() to split a FLOW_WORD node, but does not check if node->next is valid before accessing node->next->overflow_wrap, resulting in a crash if the split fails or returns a partial node chain.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- MuPDF/MuPDFdescription
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.