CVE-2026-3029
Publication date 20 March 2026
Last updated 20 March 2026
Ubuntu priority
Description
A path traversal and arbitrary file write vulnerability exist in the embedded get function in '_main_.py' in PyMuPDF version, 1.26.5.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| pymupdf | 25.10 questing |
Needs evaluation
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2026-3029
- https://github.com/pymupdf/PyMuPDF/issues/4767
- https://github.com/pymupdf/PyMuPDF/commit/756e1ee94421fb7c570ef49bfdac21c72025417d (1.26.7)
- http://github.com/pymupdf/PyMuPDF
- http://github.com/pymupdf/PyMuPDF/commit/603cafe38a183b8bab34f16d05043b4185d8d40a
- https://www.kb.cert.org/vuls/id/504749