Uncontrolled Search Path Vulnerability in Artifex MuPDF for Windows
CVE-2025-15569

7.3HIGH

Key Information:

Vendor

Artifex
Status
MuPDF
Vendor
CVE Published:
10 February 2026

What is CVE-2025-15569?

A flaw has been identified in Artifex MuPDF up to version 1.26.1 for Windows, specifically within the get_system_dpi function located in platform/x11/win_main.c. This vulnerability allows for an uncontrolled search path that can potentially be exploited by an attacker with local access. The complexity of this attack is high, making successful exploitation difficult. Users are urged to upgrade to version 1.26.2 to address this security concern effectively.

Affected Version(s)

MuPDF 1.26.0

MuPDF 1.26.1

MuPDF 1.26.2

References

https://vuldb.com/?id.344924
vdb-entrytechnical-description
https://vuldb.com/?ctiid.344924
signaturepermissions-required
https://vuldb.com/?submit.750978
third-party-advisory

CVSS V4

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

nmaochea (VulDB User)
.