Overview
CVE-2025-55780 is a NULL pointer dereference in MuPDF 1.26.4, a widely used PDF, XPS and EPUB rendering library and toolkit. Opening a malformed EPUB document triggers the bug during layout and aborts the rendering process, so any application that passes untrusted EPUB files through MuPDF (document viewers, conversion pipelines, indexers and preview services) can be denied service by a single crafted file. The reported details describe a crash, not a controllable memory write, so the practical impact is denial of service rather than code execution.
Vulnerability Summary
CVE ID: CVE-2025-55780
Severity: High (7.5/10)
Attack Vector: Remote
Privileges Required: None
User Interaction: Required
Impact: Denial of service (crash of the process rendering the document); the reported details do not support code execution or data leakage
Affected Products
Product | Affected Versions
MuPDF | 1.26.4
How the Exploit Works
The bug is reached when MuPDF lays out a malformed EPUB document. During line breaking, break_word_for_overflow_wrap() calls fz_html_split_flow() to split a FLOW_WORD node so that an over-long word can be wrapped under overflow-wrap: break-word, and then reads node->next->overflow_wrap on the assumption that the split produced a new node directly after node. Nothing checks that node->next is non-NULL: if the split fails, or returns a partial chain in which node is still the last node, node->next is NULL and the access dereferences a NULL pointer, aborting the process. As described, this is an invalid read rather than a write, which is why the outcome is a crash and not a controllable memory corruption.
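The pattern above, reduced to a self-contained C model, as an added example that is not MuPDF's code: the flow_node struct is a stand-in for the real layout node, and split_flow() is a hypothetical split routine modelled on what the text says fz_html_split_flow() does (its real signature is not reproduced). The vulnerable function ignores the split result and dereferences node->next unconditionally; the hardened form confirms a successor exists before reading from it and reports failure instead of crashing.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for MuPDF's flow node. Assumption: the real fz_html_flow struct
 * has many more fields; only the ones the advisory mentions are modelled. */
enum { FLOW_WORD = 0, FLOW_SPACE = 1 };

typedef struct flow_node {
    int type;                 /* FLOW_WORD or FLOW_SPACE */
    int overflow_wrap;        /* non-zero when overflow-wrap: break-word applies */
    char *text;               /* heap copy of the word, NUL terminated */
    struct flow_node *next;
} flow_node;

static char *dup_str(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p) memcpy(p, s, n);
    return p;
}

/* Create a single FLOW_WORD node with no successor. */
flow_node *make_word(const char *text, int overflow_wrap)
{
    flow_node *n = calloc(1, sizeof *n);
    if (!n) return NULL;
    n->type = FLOW_WORD;
    n->overflow_wrap = overflow_wrap;
    n->text = dup_str(text);
    if (!n->text) { free(n); return NULL; }
    return n;
}

void free_chain(flow_node *n)
{
    while (n) {
        flow_node *next = n->next;
        free(n->text);
        free(n);
        n = next;
    }
}

/* Hypothetical split, modelled on what the advisory says fz_html_split_flow()
 * does: cut `node` at byte offset `at` and link the tail in as node->next.
 * Returns the tail, or NULL when the split cannot be performed (offset out of
 * range, allocation failure). On failure the chain is left untouched, so a
 * node that was last in the chain still has node->next == NULL. */
flow_node *split_flow(flow_node *node, size_t at)
{
    size_t len;
    flow_node *tail;

    if (!node || node->type != FLOW_WORD || !node->text) return NULL;
    len = strlen(node->text);
    if (at == 0 || at >= len) return NULL;

    tail = calloc(1, sizeof *tail);
    if (!tail) return NULL;
    tail->text = dup_str(node->text + at);
    if (!tail->text) { free(tail); return NULL; }
    tail->type = FLOW_WORD;
    tail->overflow_wrap = node->overflow_wrap;
    tail->next = node->next;
    node->next = tail;
    node->text[at] = '\0';
    return tail;
}

/* The pattern the advisory describes. The split result is ignored and
 * node->next is dereferenced unconditionally; when the split fails on the
 * last node of a chain, node->next is NULL and this reads through NULL. */
int break_word_vulnerable(flow_node *node, size_t at)
{
    split_flow(node, at);
    return node->next->overflow_wrap;   /* NULL dereference if the split failed */
}

/* Hardened form: only touch node->next after confirming the split produced
 * a successor and that the successor is the node we are about to read. A
 * negative return tells the caller "no break possible", so the word is laid
 * out unbroken instead of the process aborting. */
int break_word_hardened(flow_node *node, size_t at)
{
    flow_node *tail = split_flow(node, at);
    if (tail == NULL || node->next != tail)
        return -1;
    return node->next->overflow_wrap;
}

int main(void)
{
    flow_node *w = make_word("unbreakablewordthatoverflows", 1);
    if (!w) return 1;
    /* Out-of-range split: split_flow() returns NULL and w->next stays NULL.
     * break_word_vulnerable(w, 100) would crash here; the hardened version
     * reports failure instead. */
    printf("hardened, failed split: %d\n", break_word_hardened(w, 100));
    printf("hardened, valid split:  %d (head=%s tail=%s)\n",
           break_word_hardened(w, 11), w->text, w->next->text);
    free_chain(w);
    return 0;
}
```

The check that matters is the one on tail: a split routine that can fail must have its result tested before the caller walks the chain it was supposed to extend. Comparing node->next against the returned tail additionally guards against a split that allocated a node but linked it somewhere other than directly after node.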
Conceptual Example Code
An EPUB is a ZIP container of XHTML chapters, and the trigger lives in chapter content like the following. This is a sketch of where the malformed input sits, not a working proof of concept:
<!DOCTYPE html>
<html>
<head>
<title>Malformed EPUB</title>
</head>
<body>
<p>
<!-- MuPDF's layout engine builds FLOW_WORD nodes from the text inside this
     span itself; there is no FLOW_WORD markup to insert. The trigger is the
     word content that fz_html_split_flow() then fails to split. -->
<span style="overflow-wrap: break-word;">...</span>
</p>
</body>
</html>
In the above example, the ‘…’ stands for crafted word content that causes fz_html_split_flow() to fail, or to return a chain without a successor node, when MuPDF tries to split the FLOW_WORD node; the specific content is not given here. The chapter must also be packaged as a standard EPUB container (a ZIP archive with META-INF/container.xml and an OPF package file referencing it) before MuPDF opens it through the EPUB loader.
Mitigation Guidance
Users of MuPDF 1.26.4 should upgrade to a release that contains the vendor’s fix; the version of an installed toolkit can be checked with mutool -v. Until the upgrade is in place, do not open EPUB files from untrusted sources with affected builds, and run MuPDF-based renderers in a sandboxed, unprivileged worker process so that a crash takes down only that worker rather than the hosting service. Deployments that do not need EPUB support can build MuPDF with it disabled (FZ_ENABLE_EPUB in include/mupdf/fitz/config.h). A Web Application Firewall or IDS is not a meaningful control here: the bug is in parsing a document file, not a network protocol, and the file can arrive over any channel.
