Nixpkgs security tracker
7.0 HIGH
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
by @fricklerhandwerk Activity log
- Created automatic suggestion
- @fricklerhandwerk ignored package python314Packages.pymupdf-fonts
Artifex MuPDF win_main.c get_system_dpi uncontrolled search path
A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function get_system_dpi of the file platform/x11/win_main.c. This manipulation causes uncontrolled search path. The attack requires local access. The attack is considered to have high complexity. The exploitability is regarded as difficult. Upgrading to version 1.26.2 is sufficient to resolve this issue. Patch name: ebb125334eb007d64e579204af3c264aadf2e244. Upgrading the affected component is recommended.
References
-
VDB-344924 | Artifex MuPDF win_main.c get_system_dpi uncontrolled search path vdb-entrytechnical-description
-
-
Submit #750978 | Artifex Software MuPDF 1.26.2 Uncontrolled Search Path third-party-advisory
-
https://artifex.com/ product
Affected products
- ==1.26.0
- ==1.26.2
- ==1.26.1
Matching in nixpkgs
pkgs.mupdf
Lightweight PDF, XPS, and E-book viewer and toolkit written in portable C
pkgs.mupdf-headless
Lightweight PDF, XPS, and E-book viewer and toolkit written in portable C
pkgs.python312Packages.pymupdf
Python bindings for MuPDF's rendering library
-
nixos-unstable 1.26.1
pkgs.python313Packages.pymupdf
Python bindings for MuPDF's rendering library
pkgs.python314Packages.pymupdf
Python bindings for MuPDF's rendering library
pkgs.python312Packages.pymupdf4llm
PyMuPDF Utilities for LLM/RAG - converts PDF pages to Markdown format for Retrieval-Augmented Generation
-
nixos-unstable pymupdf4llm-0.0.25
-
nixos-25.11 pymupdf4llm-0.0.27
- nixpkgs-25.11-darwin pymupdf4llm-0.0.27
pkgs.python313Packages.pymupdf4llm
PyMuPDF Utilities for LLM/RAG - converts PDF pages to Markdown format for Retrieval-Augmented Generation
-
nixos-unstable pymupdf4llm-0.0.25
- nixpkgs-unstable pymupdf4llm-0.0.27
- nixos-unstable-small pymupdf4llm-0.0.27
-
nixos-25.11 pymupdf4llm-0.0.27
- nixpkgs-25.11-darwin pymupdf4llm-0.0.27
pkgs.python314Packages.pymupdf4llm
PyMuPDF Utilities for LLM/RAG - converts PDF pages to Markdown format for Retrieval-Augmented Generation
-
nixos-unstable -
- nixpkgs-unstable pymupdf4llm-0.0.27
- nixos-unstable-small pymupdf4llm-0.0.27
pkgs.zathuraPkgs.zathura_pdf_mupdf
Zathura PDF plugin (mupdf)
-
nixos-25.11 0.4.4
pkgs.python312Packages.pymupdf-fonts
Collection of optional fonts for PyMuPDF
-
nixos-unstable 1.0.5
Ignored packages (1)
pkgs.python314Packages.pymupdf-fonts
Collection of optional fonts for PyMuPDF
Package maintainers
-
@fpletz Franz Pletz <fpletz@fnordicwalking.de>
-
@ryota2357 Ryota Otsuki <contact@ryota2357.com>
-
@sarahec Sarah Clark <seclark@nextquestion.net>