CVE-2025-15569
Status: Awaiting Analysis
Uncontrolled Search Path Vulnerability in MuPDF get_system_dpi

Publication date: 2026-02-10

Last updated on: 2026-02-10

Assigner: VulDB

Description
A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The affected element is the function get_system_dpi in the file platform/x11/win_main.c. Manipulating it leads to an uncontrolled search path. The attack requires local access, is considered to have high complexity, and is regarded as difficult to exploit. Upgrading to version 1.26.2 is sufficient to resolve this issue. Patch name: ebb125334eb007d64e579204af3c264aadf2e244. Upgrading the affected component is recommended.
Meta Information
Published: 2026-02-10
Last Modified: 2026-02-10
Generated: 2026-05-06
AI Q&A: 2026-02-10
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 3 associated CPEs
Vendor | Product | Version / Range
artifex | mupdf | to 1.26.1 (inc)
artifex | mupdf | 1.26.2
artifex | mupdf | to 1.26.2 (exc)
CWE ID | Description
CWE-426 | The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-15569 is a DLL search order vulnerability in Artifex MuPDF versions up to 1.26.1 on Windows. The issue occurs because the software's function get_system_dpi in the file win_main.c improperly handles the DLL search path when loading system DLLs using the Windows API LoadLibrary. This flaw allows an attacker with local access to place malicious DLLs in user-writable directories, such as download folders, which MuPDF might load instead of legitimate system DLLs.

Exploiting this vulnerability enables the attacker to execute arbitrary code within the context of the MuPDF process. The attack is considered to have high complexity and is difficult to exploit. The issue is fixed by upgrading to MuPDF version 1.26.2. [1, 4]


How can this vulnerability impact me?

This vulnerability can impact you by allowing a local attacker to execute arbitrary code within the MuPDF process. This means the attacker could potentially gain control over the application, leading to compromise of confidentiality, integrity, and availability of the system running MuPDF.

Because the attack requires local access and is difficult to exploit, the risk is somewhat mitigated, but if exploited, it could lead to serious security breaches including unauthorized code execution.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability is a local uncontrolled search path issue in Artifex MuPDF on Windows, specifically in the get_system_dpi function. Detection involves verifying the version of MuPDF installed on your system.

Since the vulnerability requires local access and involves DLL search order manipulation, network detection is not applicable.

To detect if your system is vulnerable, check the installed MuPDF version. Versions up to 1.26.1 are affected, and version 1.26.2 or later contains the fix.

  • On Windows, you can check the MuPDF version by running the MuPDF executable with a version flag, for example: mupdf.exe --version
  • Alternatively, check the file properties of the MuPDF executable or DLL files to identify the version.

There are no specific network commands or signatures to detect exploitation attempts due to the local nature and high complexity of the attack.
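
A host-side check that goes beyond the version test above, as an added example that is not part of the original page or of MuPDF's code: it triages image-load telemetry (field names `Image` and `ImageLoaded` as in Sysmon Event ID 7) for mupdf.exe loading a system-named DLL from outside the Windows system directories. The sample events, the DLL name `sysexample.dll` and the trusted-directory list are constructed assumptions.

```python
import ntpath  # Windows path semantics on any OS, so exported logs can be triaged offline

# Assumption: Windows is installed under C:\Windows; adjust for other system roots.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

def _norm(path):
    """Normalise separators and case so comparisons match Windows behaviour."""
    return ntpath.normcase(ntpath.normpath(path))

def is_trusted_dir(directory):
    """True if directory is a system directory or below one (not a look-alike prefix)."""
    d = _norm(directory)
    return any(d == t or d.startswith(t + "\\") for t in TRUSTED_DIRS)

def planted_dll_loads(events, system_dll_names, process="mupdf.exe"):
    """Return image-load events in which `process` loaded a DLL that carries a
    system DLL's name but came from outside the trusted system directories."""
    names = {n.lower() for n in system_dll_names}
    hits = []
    for ev in events:
        if ntpath.basename(_norm(ev["Image"])) != process.lower():
            continue  # some other process loaded this image
        loaded = _norm(ev["ImageLoaded"])
        if ntpath.basename(loaded) in names and not is_trusted_dir(ntpath.dirname(loaded)):
            hits.append(ev)
    return hits

# Constructed sample data. On a real host, build the name set from a listing of
# the system directory; "sysexample.dll" is a placeholder, not the DLL in this CVE.
SAMPLE_SYSTEM_DLLS = {"sysexample.dll"}
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\alice\Downloads\mupdf.exe",
     "ImageLoaded": r"C:\Windows\System32\sysexample.dll"},    # expected location
    {"Image": r"C:\Users\alice\Downloads\mupdf.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\sysexample.dll"},  # same name, user-writable dir
    {"Image": r"C:\Users\alice\Downloads\mupdf.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\libhelper.dll"},   # not a system DLL name
    {"Image": r"C:\Program Files\Other\viewer.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\sysexample.dll"},  # different process
]

if __name__ == "__main__":
    for hit in planted_dll_loads(SAMPLE_EVENTS, SAMPLE_SYSTEM_DLLS):
        print("review:", hit["Image"], "loaded", hit["ImageLoaded"])
```

A hit means the load should be reviewed (path, signer, file origin); it is not proof of exploitation on its own.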


What immediate steps should I take to mitigate this vulnerability?

The primary and recommended mitigation step is to upgrade Artifex MuPDF to version 1.26.2 or later, which contains the patch that fixes the uncontrolled search path vulnerability.

Restrict write access to the directories MuPDF might load DLLs from, so that malicious DLLs cannot be placed in user-writable locations.

Limit local access to systems running vulnerable versions of MuPDF to reduce the risk of exploitation.

Apply the patch identified by commit ebb125334eb007d64e579204af3c264aadf2e244 if upgrading is not immediately possible.

