CVE-2021-3407	24.02.21 00:15
A flaw was found in mupdf 1.18.0. Double free of object during
linearization may lead to memory corruption and other potential
consequences.

mupdf has made no release yet, so you need to cherry-pick the commit: 
https://git.ghostscript.com/?p=mupdf.git;a=log;h=cee7cefc610d42fd383b3c80c12cbc675443176a