Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 65 articles for you...
89

Fedora 44 MuPDF Critical Update for CVE-2026-3308 Code Execution

fix CVE-2026-3308 (rhbz#2454361). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-0ebdbc98c5 2026-04-25 01:21:36.171782+00:00 -------------------------------------------------------------------------------- Name : mupdf Product : Fedora 44 Version : 1.27.1 Release : 10.fc44 URL : http://mupdf.com/ Summary : A lightweight PDF viewer and toolkit Description : MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on screen. MuPDF has a small footprint. A binary that includes the standard Roman fonts is only one megabyte. A build with full CJK support (including an Asian font) is approximately seven megabytes. MuPDF has support for all non-interactive PDF 1.7 features, and the toolkit provides a simple API for accessing the internal structures of the PDF document. Example code for navigating interactive links and bookmarks, encrypting PDF files, extracting fonts, images, and searchable text, and rendering pages to image files is provided. -------------------------------------------------------------------------------- Update Information: fix CVE-2026-3308 (rhbz#2454361) -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 2 2026 Michael J Gruber - 1.27.1-10 - fix CVE-2026-3308 (rhbz#2454361) * Tue Mar 24 2026 Michael J Gruber - 1.27.1-6 - Limit python3-clang version to

Calendar%202 Apr 25, 2026 Critical Fedora
197

Debian 11 MuPDF Critical Denial of Service Vulnerability DLA-4540-1

Yarden Porat found a heap-based buffer overwrite in MuPDF, a lightweight PDF viewer, which may result in denial of service or the execution of arbitrary code if malformed documents are opened. For Debian 11 bullseye, this problem has been fixed in version 1.17.0+ds1-2+deb11u2.. Debian LTS Advisory DLA-4540-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Emilio Pozuelo Monfort April 21, 2026 https://wiki.debian.org/LTS Package : mupdf Version : 1.17.0+ds1-2+deb11u2 CVE ID : CVE-2026-3308 Debian Bug : 1133189 Yarden Porat found a heap-based buffer overwrite in MuPDF, a lightweight PDF viewer, which may result in denial of service or the execution of arbitrary code if malformed documents are opened. For Debian 11 bullseye, this problem has been fixed in version 1.17.0+ds1-2+deb11u2. We recommend that you upgrade your mupdf packages. For the detailed security status of mupdf please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mupdf Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Heap buffer overwrite in MuPDF could allow arbitrary code execution or Denial of Service in Debian 11. Upgrade now.. Debian LTS, MuPDF buffer overflow, security advisory Debian. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Apr 21, 2026 Critical Debian LTS
87

Ubuntu DSA-7219-1 Ghostscript Severe Buffer Underflow DDoS CVE-2026-4401

A heap-based buffer overflow flaw was discovered in MuPDF, a lightweight PDF viewer, which may result in denial of service or the execution of arbitrary code if malformed documents are opened. For the oldstable distribution (bookworm), this problem has been fixed in version 1.21.1+ds2-1+deb12u1.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6218-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso April 18, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : mupdf CVE ID : CVE-2026-3308 Debian Bug : 1133189 A heap-based buffer overflow flaw was discovered in MuPDF, a lightweight PDF viewer, which may result in denial of service or the execution of arbitrary code if malformed documents are opened. For the oldstable distribution (bookworm), this problem has been fixed in version 1.21.1+ds2-1+deb12u1. For the stable distribution (trixie), this problem has been fixed in version 1.25.1+ds1-6+deb13u1. We recommend that you upgrade your mupdf packages. For the detailed security status of mupdf please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/mupdf Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Heap-based buffer overflow in MuPDF leads to potential DoS and arbitrary code execution. Upgrade recommended for Debian package.. Denial of Service, Buffer Overflow, MuPDF, Debian Security, Software Update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 18, 2026 Important Debian
89

Fedora 42 mupdf Critical Arbitrary Code Exec Fix CVE-2026-3308

fix CVE-2026-3308 (rhbz#2454360). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-b56fe1f040 2026-04-12 15:52:51.750312+00:00 -------------------------------------------------------------------------------- Name : mupdf Product : Fedora 42 Version : 1.26.3 Release : 6.fc42 URL : http://mupdf.com/ Summary : A lightweight PDF viewer and toolkit Description : MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on screen. MuPDF has a small footprint. A binary that includes the standard Roman fonts is only one megabyte. A build with full CJK support (including an Asian font) is approximately seven megabytes. MuPDF has support for all non-interactive PDF 1.7 features, and the toolkit provides a simple API for accessing the internal structures of the PDF document. Example code for navigating interactive links and bookmarks, encrypting PDF files, extracting fonts, images, and searchable text, and rendering pages to image files is provided. -------------------------------------------------------------------------------- Update Information: fix CVE-2026-3308 (rhbz#2454360) -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 2 2026 Michael J Gruber - 1.26.3-6 - fix CVE-2026-3308 (rhbz#2454360) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2454360 - CVE-2026-3308 mupdf: MuPDF: Arbitrary code execution via integer overflow with a crafted PDF [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2454360 -------------------------------------------------------------------------------- This update can be installed withthe "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-b56fe1f040' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Fedora 42 mupdf fixes critical bug for CVE-2026-3308 to prevent arbitrary code execution in PDF viewer.. Fedora Mupdf 2026-04-12 Update Critical Code Execution Fix. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Apr 12, 2026 Critical Fedora
89

Fedora 43 mupdf High CVE-2026-3308 Arbitrary Code Execution Advisory

fix CVE-2026-3308 (rhbz#2454361). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-7a9c0c8c04 2026-04-12 15:36:52.829623+00:00 -------------------------------------------------------------------------------- Name : mupdf Product : Fedora 43 Version : 1.27.1 Release : 10.fc43 URL : http://mupdf.com/ Summary : A lightweight PDF viewer and toolkit Description : MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on screen. MuPDF has a small footprint. A binary that includes the standard Roman fonts is only one megabyte. A build with full CJK support (including an Asian font) is approximately seven megabytes. MuPDF has support for all non-interactive PDF 1.7 features, and the toolkit provides a simple API for accessing the internal structures of the PDF document. Example code for navigating interactive links and bookmarks, encrypting PDF files, extracting fonts, images, and searchable text, and rendering pages to image files is provided. -------------------------------------------------------------------------------- Update Information: fix CVE-2026-3308 (rhbz#2454361) -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 2 2026 Michael J Gruber - 1.27.1-10 - fix CVE-2026-3308 (rhbz#2454361) * Tue Mar 24 2026 Michael J Gruber - 1.27.1-6 - Limit python3-clang version to

Calendar%202 Apr 12, 2026 Critical Fedora
89

Fedora 43 zathura-pdf-mupdf Denial of Service Fix 2026-c06fd97a53

mupdf 1.27.1 and dependencies. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-c06fd97a53 2026-02-23 01:56:24.639485+00:00 -------------------------------------------------------------------------------- Name : zathura-pdf-mupdf Product : Fedora 43 Version : 0.4.4 Release : 9.fc43 URL : https://pwmt.org/projects/zathura-pdf-mupdf/ Summary : PDF support for zathura via mupdf Description : This plugin adds PDF support to zathura using the mupdf rendering engine. -------------------------------------------------------------------------------- Update Information: mupdf 1.27.1 and dependencies -------------------------------------------------------------------------------- ChangeLog: * Tue Feb 10 2026 Michael J Gruber - 0.4.4-9 - Rebuild (mupdf) * Sat Jan 17 2026 Fedora Release Engineering - 0.4.4-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2437972 - CVE-2026-25556 mupdf: MuPDF: Denial of Service via crafted input during barcode decoding [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2437972 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-c06fd97a53' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. Tounsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . This advisory addresses a denial of service threat in zathura-pdf-mupdf related to a crafted input bug fix. Update available.. PDF Support, zathura, security update, mupdf, Fedora 43. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 23, 2026 Important Fedora
89

Fedora 43 qpdfview Critical Denial of Service 2026-c06fd97a53

mupdf 1.27.1 and dependencies. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-c06fd97a53 2026-02-23 01:56:24.639485+00:00 -------------------------------------------------------------------------------- Name : qpdfview Product : Fedora 43 Version : 0.5.0 Release : 25.fc43 URL : https://launchpad.net/qpdfview Summary : Tabbed PDF Viewer Description : qpdfview is a tabbed PDF viewer. It uses the Poppler library for rendering and CUPS for printing. It provides a clear and simple graphical user interface using the Qt framework. -------------------------------------------------------------------------------- Update Information: mupdf 1.27.1 and dependencies -------------------------------------------------------------------------------- ChangeLog: * Tue Feb 10 2026 Michael J Gruber - 0.5.0-25 - Rebuild (mupdf * Sat Jan 17 2026 Fedora Release Engineering - 0.5.0-24 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Wed Nov 5 2025 Yaakov Selkowitz - 0.5.0-23 - Build as a single package -------------------------------------------------------------------------------- References: [ 1 ] Bug #2437972 - CVE-2026-25556 mupdf: MuPDF: Denial of Service via crafted input during barcode decoding [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2437972 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-c06fd97a53' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Critical advisory regarding qpdfview update for Fedora 43 addressing denial of service risk from mupdf security flaw.. Fedora 43 qpdfview mupdf PDF viewer threat. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Feb 23, 2026 Critical Fedora
89

Fedora 43 python-PyMuPDF Important Denial of Service CVE-2026-25556

mupdf 1.27.1 and dependencies. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-c06fd97a53 2026-02-23 01:56:24.639485+00:00 -------------------------------------------------------------------------------- Name : python-PyMuPDF Product : Fedora 43 Version : 1.27.1 Release : 2.fc43 URL : https://github.com/pymupdf/PyMuPDF Summary : Python binding for MuPDF - a lightweight PDF and XPS viewer Description : This is PyMuPDF, a Python binding for MuPDF - a lightweight PDF and XPS viewer. MuPDF can access files in PDF, XPS, OpenXPS, epub, comic and fiction book formats, and it is known for its top performance and high rendering quality. With PyMuPDF you therefore can also access files with extensions *.pdf, *.xps, *.oxps, *.epub, *.cbz or *.fb2 from your Python scripts. -------------------------------------------------------------------------------- Update Information: mupdf 1.27.1 and dependencies -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 11 2026 Michael J Gruber - 1.27.1-2 - add added patch * Wed Feb 11 2026 Michael J Gruber - 1.27.1-1 - Update to new upstream release 1.27.1 (rhbz#2412929) - compatibility with mupdf 1.27.1 - new method `Document.repair()` - various fixes * Sun Jan 18 2026 Michael J Gruber - 1.26.5-4 - work around rst2pdf incompatibility with docutils 0.22 * Sat Jan 17 2026 Fedora Release Engineering - 1.26.5-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Tue Oct 28 2025 Michael J Gruber - 1.26.5-2 - rebuild for swig 4.4.0 * Sat Oct 11 2025 Michael J Gruber - 1.26.5-1 - Update to new upstream release 1.26.5 (rhbz#2403129) - adjust to mupdf 1.26.9 (and 10) - improve the Python type annotations - various fixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #2437972 - CVE-2026-25556 mupdf: MuPDF:Denial of Service via crafted input during barcode decoding [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2437972 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-c06fd97a53' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update for python-PyMuPDF in Fedora 43 addresses Denial of Service issue with critical patch guidance.. Fedora 43, Python PyMuPDF, Denial of Service, security advisory. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 23, 2026 Important Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200