Explore top 10 tips to secure your open-source projects now. Read More
×fix CVE-2026-3308 (rhbz#2454361). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-0ebdbc98c5 2026-04-25 01:21:36.171782+00:00 -------------------------------------------------------------------------------- Name : mupdf Product : Fedora 44 Version : 1.27.1 Release : 10.fc44 URL : http://mupdf.com/ Summary : A lightweight PDF viewer and toolkit Description : MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on screen. MuPDF has a small footprint. A binary that includes the standard Roman fonts is only one megabyte. A build with full CJK support (including an Asian font) is approximately seven megabytes. MuPDF has support for all non-interactive PDF 1.7 features, and the toolkit provides a simple API for accessing the internal structures of the PDF document. Example code for navigating interactive links and bookmarks, encrypting PDF files, extracting fonts, images, and searchable text, and rendering pages to image files is provided. -------------------------------------------------------------------------------- Update Information: fix CVE-2026-3308 (rhbz#2454361) -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 2 2026 Michael J Gruber - 1.27.1-10 - fix CVE-2026-3308 (rhbz#2454361) * Tue Mar 24 2026 Michael J Gruber - 1.27.1-6 - Limit python3-clang version to
Yarden Porat found a heap-based buffer overwrite in MuPDF, a lightweight PDF viewer, which may result in denial of service or the execution of arbitrary code if malformed documents are opened. For Debian 11 bullseye, this problem has been fixed in version 1.17.0+ds1-2+deb11u2.. Debian LTS Advisory DLA-4540-1
A heap-based buffer overflow flaw was discovered in MuPDF, a lightweight PDF viewer, which may result in denial of service or the execution of arbitrary code if malformed documents are opened. For the oldstable distribution (bookworm), this problem has been fixed in version 1.21.1+ds2-1+deb12u1.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6218-1
fix CVE-2026-3308 (rhbz#2454360). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-b56fe1f040 2026-04-12 15:52:51.750312+00:00 -------------------------------------------------------------------------------- Name : mupdf Product : Fedora 42 Version : 1.26.3 Release : 6.fc42 URL : http://mupdf.com/ Summary : A lightweight PDF viewer and toolkit Description : MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on screen. MuPDF has a small footprint. A binary that includes the standard Roman fonts is only one megabyte. A build with full CJK support (including an Asian font) is approximately seven megabytes. MuPDF has support for all non-interactive PDF 1.7 features, and the toolkit provides a simple API for accessing the internal structures of the PDF document. Example code for navigating interactive links and bookmarks, encrypting PDF files, extracting fonts, images, and searchable text, and rendering pages to image files is provided. -------------------------------------------------------------------------------- Update Information: fix CVE-2026-3308 (rhbz#2454360) -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 2 2026 Michael J Gruber - 1.26.3-6 - fix CVE-2026-3308 (rhbz#2454360) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2454360 - CVE-2026-3308 mupdf: MuPDF: Arbitrary code execution via integer overflow with a crafted PDF [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2454360 -------------------------------------------------------------------------------- This update can be installed withthe "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-b56fe1f040' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
fix CVE-2026-3308 (rhbz#2454361). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-7a9c0c8c04 2026-04-12 15:36:52.829623+00:00 -------------------------------------------------------------------------------- Name : mupdf Product : Fedora 43 Version : 1.27.1 Release : 10.fc43 URL : http://mupdf.com/ Summary : A lightweight PDF viewer and toolkit Description : MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on screen. MuPDF has a small footprint. A binary that includes the standard Roman fonts is only one megabyte. A build with full CJK support (including an Asian font) is approximately seven megabytes. MuPDF has support for all non-interactive PDF 1.7 features, and the toolkit provides a simple API for accessing the internal structures of the PDF document. Example code for navigating interactive links and bookmarks, encrypting PDF files, extracting fonts, images, and searchable text, and rendering pages to image files is provided. -------------------------------------------------------------------------------- Update Information: fix CVE-2026-3308 (rhbz#2454361) -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 2 2026 Michael J Gruber - 1.27.1-10 - fix CVE-2026-3308 (rhbz#2454361) * Tue Mar 24 2026 Michael J Gruber - 1.27.1-6 - Limit python3-clang version to
mupdf 1.27.1 and dependencies. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-c06fd97a53 2026-02-23 01:56:24.639485+00:00 -------------------------------------------------------------------------------- Name : zathura-pdf-mupdf Product : Fedora 43 Version : 0.4.4 Release : 9.fc43 URL : https://pwmt.org/projects/zathura-pdf-mupdf/ Summary : PDF support for zathura via mupdf Description : This plugin adds PDF support to zathura using the mupdf rendering engine. -------------------------------------------------------------------------------- Update Information: mupdf 1.27.1 and dependencies -------------------------------------------------------------------------------- ChangeLog: * Tue Feb 10 2026 Michael J Gruber - 0.4.4-9 - Rebuild (mupdf) * Sat Jan 17 2026 Fedora Release Engineering - 0.4.4-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2437972 - CVE-2026-25556 mupdf: MuPDF: Denial of Service via crafted input during barcode decoding [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2437972 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-c06fd97a53' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
mupdf 1.27.1 and dependencies. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-c06fd97a53 2026-02-23 01:56:24.639485+00:00 -------------------------------------------------------------------------------- Name : qpdfview Product : Fedora 43 Version : 0.5.0 Release : 25.fc43 URL : https://launchpad.net/qpdfview Summary : Tabbed PDF Viewer Description : qpdfview is a tabbed PDF viewer. It uses the Poppler library for rendering and CUPS for printing. It provides a clear and simple graphical user interface using the Qt framework. -------------------------------------------------------------------------------- Update Information: mupdf 1.27.1 and dependencies -------------------------------------------------------------------------------- ChangeLog: * Tue Feb 10 2026 Michael J Gruber - 0.5.0-25 - Rebuild (mupdf * Sat Jan 17 2026 Fedora Release Engineering - 0.5.0-24 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Wed Nov 5 2025 Yaakov Selkowitz - 0.5.0-23 - Build as a single package -------------------------------------------------------------------------------- References: [ 1 ] Bug #2437972 - CVE-2026-25556 mupdf: MuPDF: Denial of Service via crafted input during barcode decoding [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2437972 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-c06fd97a53' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
mupdf 1.27.1 and dependencies. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-c06fd97a53 2026-02-23 01:56:24.639485+00:00 -------------------------------------------------------------------------------- Name : python-PyMuPDF Product : Fedora 43 Version : 1.27.1 Release : 2.fc43 URL : https://github.com/pymupdf/PyMuPDF Summary : Python binding for MuPDF - a lightweight PDF and XPS viewer Description : This is PyMuPDF, a Python binding for MuPDF - a lightweight PDF and XPS viewer. MuPDF can access files in PDF, XPS, OpenXPS, epub, comic and fiction book formats, and it is known for its top performance and high rendering quality. With PyMuPDF you therefore can also access files with extensions *.pdf, *.xps, *.oxps, *.epub, *.cbz or *.fb2 from your Python scripts. -------------------------------------------------------------------------------- Update Information: mupdf 1.27.1 and dependencies -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 11 2026 Michael J Gruber - 1.27.1-2 - add added patch * Wed Feb 11 2026 Michael J Gruber - 1.27.1-1 - Update to new upstream release 1.27.1 (rhbz#2412929) - compatibility with mupdf 1.27.1 - new method `Document.repair()` - various fixes * Sun Jan 18 2026 Michael J Gruber - 1.26.5-4 - work around rst2pdf incompatibility with docutils 0.22 * Sat Jan 17 2026 Fedora Release Engineering - 1.26.5-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Tue Oct 28 2025 Michael J Gruber - 1.26.5-2 - rebuild for swig 4.4.0 * Sat Oct 11 2025 Michael J Gruber - 1.26.5-1 - Update to new upstream release 1.26.5 (rhbz#2403129) - adjust to mupdf 1.26.9 (and 10) - improve the Python type annotations - various fixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #2437972 - CVE-2026-25556 mupdf: MuPDF:Denial of Service via crafted input during barcode decoding [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2437972 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-c06fd97a53' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Get the latest Linux and open source security news straight to your inbox.