An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the mutool clean
utility. When processing a crafted PDF file containing cyclic /Next references in the outline structure, the strip_outline()
function enters infinite recursion
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mupdf | Ubuntu | devel | * |
Mupdf | Ubuntu | esm-apps/bionic | * |
Mupdf | Ubuntu | esm-apps/focal | * |
Mupdf | Ubuntu | esm-apps/jammy | * |
Mupdf | Ubuntu | esm-apps/noble | * |
Mupdf | Ubuntu | esm-apps/xenial | * |
Mupdf | Ubuntu | jammy | * |
Mupdf | Ubuntu | noble | * |
Mupdf | Ubuntu | plucky | * |
Mupdf | Ubuntu | upstream | * |