MuPDF <= 1.27.0 Barcode Decoding Double Free

MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the exception. Callers (including the barcode decoding path in fz_decode_barcode_from_display_list) also drop the same pixmap in cleanup, resulting in a double-free that can corrupt the heap and crash the process. This issue affects applications that enable and use MuPDF barcode decoding and can be triggered by processing crafted input that causes a rendering-time error while decoding barcodes.

N/A

双重释放

MuPDF 资源管理错误漏洞

MuPDF是MuPDF开源的一款以 C 语言编写的自由及开放源代码软件库。用以渲染页面为位图，但也提供对其他操作诸如搜索和列举目录和链接的支持。 MuPDF 1.27.0及之前版本存在资源管理错误漏洞，该漏洞源于fz_fill_pixmap_from_display_list函数在显示列表渲染期间发生异常时存在双重释放，可能导致堆损坏和进程崩溃。

N/A

N/A