CVE-2025-55780

7.5 HIGH

📋 TL;DR

A null pointer dereference vulnerability in MuPDF's EPUB rendering function allows attackers to crash the application by providing a malformed EPUB document. This affects users and systems that process EPUB files with MuPDF version 1.26.4. The vulnerability can cause denial of service but does not appear to allow code execution.

💻 Affected Systems

Products:
  • MuPDF
Versions: 1.26.4 (specifically named in the CVE; earlier versions may also be affected)
Operating Systems: All platforms where MuPDF runs (Linux, Windows, macOS, etc.)
Default Config Vulnerable: ⚠️ Yes
Notes: Any system using MuPDF to render or process EPUB documents is vulnerable. The vulnerability is triggered during EPUB rendering.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Application crash leading to denial of service for PDF/EPUB processing functionality, potentially disrupting document workflows or automated processing systems.

🟠 Likely Case: Application crash when processing specially crafted EPUB files, requiring restart of MuPDF or the affected service.

🟢 If Mitigated: No impact if proper input validation or a patched version is used; crashes are contained to the application process.

🌐 Internet-Facing: MEDIUM - Web services that accept EPUB uploads and process them with MuPDF could be disrupted, but impact is limited to DoS.
🏢 Internal Only: MEDIUM - Internal document processing systems using MuPDF could experience crashes, but exploitation requires user interaction or automated processing of malicious files.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept code is available on GitHub. Exploitation requires the victim to open a malicious EPUB file, which could be delivered via email, downloads, or web uploads.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit bdd5d241748807378a78a622388e0312332513c5 (post 1.26.4)

Vendor Advisory: https://bugs.ghostscript.com/show_bug.cgi?id=708720

Restart Required: Yes

Instructions:

1. Update MuPDF to a version containing the fix commit bdd5d241748807378a78a622388e0312332513c5.
2. Rebuild from source if using custom builds.
3. Restart any services using MuPDF.

🔧 Temporary Workarounds

Disable EPUB processing (all platforms)

Configure systems to not process EPUB files with MuPDF.

Input validation (all platforms)

Implement file type validation and sanitization before passing EPUB files to MuPDF.

🧯 If You Can't Patch

  • Implement strict file upload controls and validation for EPUB files
  • Run MuPDF in sandboxed/isolated environments to contain crashes

🔍 How to Verify

Check if Vulnerable:

Check whether the MuPDF version is 1.26.4, or test with the proof-of-concept EPUB file from the GitHub repository.

Check Version:

mupdf --version or check build information

Verify Fix Applied:

Verify MuPDF version includes commit bdd5d241748807378a78a622388e0312332513c5 or test with the same proof-of-concept file

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults or null pointer errors when processing EPUB files
  • Abnormal process termination of MuPDF

Network Indicators:

  • Unusual patterns of EPUB file uploads to web services

SIEM Query:

Process: 'mupdf' AND (Event: 'segmentation fault' OR Event: 'null pointer')
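
The sandboxing advice and the crash indicators above can be combined in a small wrapper that renders each document in a throwaway child process and logs how it ended. This is an added example, not MuPDF project code; the `mutool draw` command line, the limit values and the function names are assumptions, and it is POSIX-only.

```python
import json
import resource
import signal
import subprocess

# Assumption: the renderer is invoked as `mutool draw`; substitute your own command.
RENDER_CMD = ["mutool", "draw", "-o", "page-%d.png"]

def _cap(limit, value):
    """Lower a soft rlimit without exceeding the inherited hard limit."""
    _, hard = resource.getrlimit(limit)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(limit, (value, hard))

def _child_limits():
    _cap(resource.RLIMIT_CORE, 0)   # repeated crashes must not fill the disk with core files
    _cap(resource.RLIMIT_CPU, 60)   # assumed budget: seconds of CPU per document

def render_isolated(path, cmd=RENDER_CMD, timeout=30):
    """Render one document in a child process and classify the outcome."""
    try:
        proc = subprocess.run([*cmd, path], stdin=subprocess.DEVNULL,
                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
                              timeout=timeout, preexec_fn=_child_limits)
    except subprocess.TimeoutExpired:
        return {"file": path, "status": "timeout"}
    if proc.returncode < 0:         # negative code: the child was killed by a signal
        return {"file": path, "status": "crashed",
                "signal": signal.Signals(-proc.returncode).name}
    return {"file": path, "status": "ok" if proc.returncode == 0 else "error",
            "returncode": proc.returncode}

def to_event(result):
    """One JSON line per render for the log pipeline; SIGSEGV is the crash indicator to alert on."""
    event = dict(result, alert=result.get("signal") == "SIGSEGV")
    return json.dumps(event, sort_keys=True)
```

Because the crash happens in the child, the calling service keeps running and can quarantine the offending file instead of restarting.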
