Unrated severityNVD Advisory· Published Sep 23, 2025· Updated Sep 25, 2025

CVE-2025-55780

Description

A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow() to split a FLOW_WORD node, but does not check if node->next is valid before accessing node->next->overflow_wrap, resulting in a crash if the split fails or returns a partial node chain.

Affected products

MuPDF/MuPDFdescription
Artifex/Mupdfllm-fuzzy
Range: = 1.26.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugs.ghostscript.com/show_bug.cgimitre
cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/mitre
github.com/ISH2YU/CVE-2025-55780/tree/mainmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000