CVE-2025-15569

HIGH EPSS 1.9%
Published Feb 10, 20264mo ago · Modified Jun 17, 20261w ago
7.3 CVSS 4.0
High
Find Similar
Published Feb 10, 2026 4mo ago
Last Modified Jun 17, 2026 1w ago

Description

A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function get_system_dpi of the file platform/x11/win_main.c. This manipulation causes uncontrolled search path. The attack requires local access. The attack is considered to have high complexity. The exploitability is regarded as difficult. Upgrading to version 1.26.2 is sufficient to resolve this issue. Patch name: ebb125334eb007d64e579204af3c264aadf2e244. Upgrading the affected component is recommended.

CVSS Details

Base Score
7.3
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
1.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 2

CWE-426
CWE-427

References 6

  • artifex.com https://artifex.com/
  • casper.mupdf.com https://casper.mupdf.com/downloads/archive/mupdf-1.26.2-windows.zip
  • cgit.ghostscript.com https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=ebb125334eb007d64e579204af3c264aadf2e244
  • vuldb.com https://vuldb.com/?ctiid.344924
  • vuldb.com https://vuldb.com/?id.344924
  • vuldb.com https://vuldb.com/?submit.750978

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.